[ovirt-users] Re: oVirt Authentication and Authorization

What's your use-case? You need all users to access without any username/password? Why not rather share some username/password of guest account them? On 06/29/2018 12:39 PM, Hari Prasanth Loganathan wrote: > Guys any update on this, If you have any clarification in my query > please let me know. > > Thanks, > Hari > > On Thu, Jun 28, 2018 at 6:19 PM, Hari Prasanth Loganathan > <hariprasanth.l(a)msystechnologies.com > <mailto:hariprasanth.l@msystechnologies.com>> wrote: > > Hi Team, > > We have three components in our setup > > 1) Our Script (application using python) > 2) Ovirt > 3) LDAP (Also integrated to oVirt) > > 1) Our Python application is authenticating to LDAP and it creates a > token for our application > 2) For accessing the API's in oVIrt, I need to contact to the oVirt > API which authenticates and creates a token for it > 3) then I need to maintain the token of my application with its > mapping to the ovirt tokenId in my application. > > When I want to hit any oVirt API, First I perform the token check in > my application (using my application token) then I need to perform > the ovirt token check in oVirt. > > 1)*I would like to know Is there a way to skip the authentication > and authorization in oVIrt? > * > 2)*Or Is it possible to point the authentication check for oVirt (to > my application / to some URL which I configure) which always return > true and allow for all oVirt API's?* > > > *I did some analysis and verified the oVirt code in github, > Identified that it is going via a fliter in web.xml which points to > the class, Is it possible to tune this? * > >    <filter> >         <filter-name>RestApiSessionValidationFilter</filter-name> > > <filter-class>org.ovirt.engine.core.aaa.filters.RestApiSessionValidationFilter</filter-class> >     </filter> >     <filter-mapping> >         <filter-name>RestApiSessionValidationFilter</filter-name> >         <url-pattern>/*</url-pattern> >     </filter-mapping> > >     <filter> >         <filter-name>SessionValidationFilter</filter-name> > > <filter-class>org.ovirt.engine.core.aaa.filters.SessionValidationFilter</filter-class> >     </filter> >     <filter-mapping> >         <filter-name>SessionValidationFilter</filter-name> >         <url-pattern>/*</url-pattern> >     </filter-mapping> > >     <filter> >         <filter-name>SsoRestApiAuthFilter</filter-name> > > <filter-class>org.ovirt.engine.core.aaa.filters.SsoRestApiAuthFilter</filter-class> >     </filter> >     <filter-mapping> >         <filter-name>SsoRestApiAuthFilter</filter-name> >         <url-pattern>/*</url-pattern> >     </filter-mapping> > >     <filter> >         <filter-name>SsoRestApiNegotiationFilter</filter-name> > > <filter-class>org.ovirt.engine.core.aaa.filters.SsoRestApiNegotiationFilter</filter-class> >     </filter> >     <filter-mapping> >         <filter-name>SsoRestApiNegotiationFilter</filter-name> >         <url-pattern>/*</url-pattern> >     </filter-mapping> > > If my query is not clear, please let me know. > > Thanks, > Hari > > > > > > _______________________________________________ > Users mailing list -- users(a)ovirt.org > To unsubscribe send an email to users-leave(a)ovirt.org > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ > List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/R5QK6VPZ5OQ... >