Hi,

if you want to expose your LDAP server to keycloak you need to login keycloak admin console https://ENGINE_FQDN/ovirt-engine-auth/admin and login as admin user with password specified in engine-setup.
If you are not familiar with Keycloak, please take a look at Keycloak documentation https://www.keycloak.org/documentation
and especially at Keycloak Administration Guide on LDAP configuration: https://www.keycloak.org/docs/latest/server_admin/index.html#_ldap

Regards,
Martin


On Tue, Aug 2, 2022 at 9:07 AM <adam_xu@adagene.com.cn> wrote:

Ok. I understand. This question is equivalent to:

How to add active directory via Keycloak?

No document on ovirt.org.

 

发件人: adam_xu@adagene.com.cn <adam_xu@adagene.com.cn>
发送时间: 202282 13:50
收件人: users@ovirt.org
主题: [ovirt-users] login error via active directory

 

Hi Ovirt list,

I have a fresh installed ovirt cluster. Version 4.5.1.3

And I ran " ovirt-engine-extension-aaa-ldap-setup” to attach an AD successfully.

First question is:

When I click “Administration Portal”, the login page jumped to https://engine.example.com/ovirt-engine-auth/realms/ovirt-internal/protocol/openid-connect/auth?response_type=code&scope=openid&client_id=ovirt-engine-internal&state=pWm6gymCKh9eW-pq1P5PSdvSeUY&redirect_uri=https%3A%2F%2Fengine.adagene.cn%2Fovirt-engine%2Fcallback&nonce=Rnx6mYrKjBLP0bEnPEUKAjE0jQ96IaJIz6IY7j8a4b0

Not the https://engine.example.com/ovirt-engine/sso/login.html page.

I removed the httpd conf file /etc/httpd/conf.d/internalsso-openidc.conf  and restart httpd. This time, it jumped to https://engine.example.com/ovirt-engine/sso/login.html

 

The second question:

When I try to login via Active Directory accounts, it said

server_error: Missing parameter: 'params'

 

here’s some logs in engine.log

2022-08-02 13:43:54,686+08 INFO  [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand] (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-8) [38f1f346] Lock freed to object 'EngineLock:{exclusiveLocks='[7ae0fbd3-c2fb-4a82-8d36-6c88c5bce900=PROVIDER]', sharedLocks=''}'

2022-08-02 13:46:47,451+08 ERROR [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-3) [] Internal Server Error: Missing parameter: 'params'

2022-08-02 13:46:47,451+08 ERROR [org.ovirt.engine.core.sso.service.SsoService] (default task-3) [] Missing parameter: 'params'

2022-08-02 13:46:47,632+08 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-3) [] server_error: Missing parameter: 'params'

2022-08-02 13:47:18,747+08 ERROR [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-3) [] Internal Server Error: Missing parameter: 'params'

2022-08-02 13:47:18,747+08 ERROR [org.ovirt.engine.core.sso.service.SsoService] (default task-3) [] Missing parameter: 'params'

2022-08-02 13:47:46,550+08 INFO  [org.ovirt.engine.core.bll.utils.ThreadPoolMonitoringService] (EE-ManagedScheduledExecutorService-engineThreadMonitoringThreadPool-Thread-1) [] Thread pool 'default' is using 0 threads out of 1, 5 threads waiting for tasks.

 

I need your help.

_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/STKB6SLQBSPDJE3ATU5RHCRZV54CKXE6/


--
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.