Re: [Users] Single Sign On (Kerberos) to the user portal

----- Original Message ----- > From: "Sigbjorn Lie" <sigbjorn(a)nixtra.com&gt; > To: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; > Cc: users(a)ovirt.org > Sent: Sunday, December 16, 2012 2:22:37 AM > Subject: Re: [Users] Single Sign On (Kerberos) to the user portal > > On 12/15/2012 07:50 PM, Alon Bar-Lev wrote: >> ----- Original Message ----- >>> From: "Sigbjorn Lie" <sigbjorn(a)nixtra.com&gt; >>> To: users(a)ovirt.org >>> Sent: Saturday, December 15, 2012 6:25:22 PM >>> Subject: [Users] Single Sign On (Kerberos) to the user portal >>> >>> Hi, >>> >>> Is it possible to do Single Sign On to the user portal using >>> Kerberos? >>> >>> We have deployed FreeIPA where all our workstations are >>> authenticating. >>> We are already using SSO w/kerberos for web servers, and it would >>> be >>> handy if we could use SSO w/kerberos to authenticate to the User >>> Portal too. >> Hi, >> >> Not right now... we need some more work to make it happen. >> Can you help in this? >> >> Alon > I think I will struggle with the programming side. However I can be > of > assistance testing it out. > > I believe most of the work will already be done if there exists a > similar module for jboss such as the "mod_auth_kerb" for Apache. > > Has there been any work done at all with implementing SSO in the user > portal so far? What I would like to do is to support external authentication in ovirt, so that it will take the user name out of the ajp protocol ?remote_user field, which maps into the HttpServletRequest.getUserPrincipal() at J2EE side. Then use mod_auth_kerb to authenticate the user as I guess you would already have...