User login issues - version 4.5.1
hi all, new fresh installation version 4.5.1 I've created a dummy user, using ovirt-aaa-jdbc-tool. Reset the password and added it to a role from within the hosted-engine. when I attempt to logon to the portal using: user1@ovirt I get the following message in /var/log/ovirt-engine/keycloak.log: It must be something stupid I am missing, but I just cannot figure out what is wrong. Suggestions/recommendations are greatly appreciated. 2022-08-01 13:04:46,133Z WARN [org.keycloak.events] (default task-70) [] type=LOGIN_ERROR, realmId=bb5ae6fa-bc18-470c-bfde-1af5fa7c1e28, clientId=ovirt-engine-internal, userId=null, ipAddress=X.X.X.X, error=user_not_found, auth_method=openid-connect, auth_type=code, redirect_uri=https://ovirt-engine1.ukteam.lab/ovirt-engine/callback, code_id=5f0eb48d-46d8-4bed-97fe-2649916ff0f9, username=user1@localhost, authSessionParentId=5f0eb48d-46d8-4bed-97fe-2649916ff0f9, authSessionTabId=dl7mnpAO5KY # ovirt-aaa-jdbc-tool user show user1 Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false -- User user1(a3579138-7c51-4573-a09e-18b0a42812b6) -- Namespace: * Name: user1 ID: a3579138-7c51-4573-a09e-18b0a42812b6 Display Name: Email: user1@localhost First Name: user Last Name: dummy Department: Title: Description: Account Disabled: false Account Locked: false Account Unlocked At: 1970-01-01 00:00:00Z Account Valid From: 2022-08-01 12:59:33Z Account Valid To: 2222-08-01 12:59:33Z Account Without Password: false Last successful Login At: 1970-01-01 00:00:00Z Last unsuccessful Login At: 1970-01-01 00:00:00Z Password Valid To: 2222-06-11 18:50:23Z
Someone has provided me the answer, by login on to keycloak (https://engine.<FQDN>/ovirt-engine-auth/) https://github.com/oVirt/ovirt-engine-keycloak/blob/master/keycloak_usage.md
Hi, as mentioned in https://bugzilla.redhat.com/show_bug.cgi?id=2021497 from oVirt 4.5.1 for new installations we are configuring internal instance of Keycloak to provide authentication for oVirt engine. oVirt AAA providers has been deprecated and even though they continue to work and there are no plans at the moment to remove them, it's advised to plan the switch to Keycloak. So here are possible scenarios: 1. New oVirt 4.5.1+ deployments -> it's advised use either internal or external Keycloak to provide authentication 2. New oVirt 4.5.1+ deployment with AAA -> it's possible during engine-setup phase of installation process to choose to use AAA instead of Keycloak 3. Upgrade of older oVirt releases to 4.5.1+ a. If old installation used AAA, then during upgrade nothing changes and upgraded setup will continue to use AAA b. If old installation used Keycloak, then during upgrade nothing changes and upgraded setup will continue to use Keycloak 4. If administrators wants to switch from AAA to internal Keycloak in oVirt 4.5.1+, there is automated way to do it using engine-setup https://github.com/oVirt/ovirt-engine-keycloak/blob/master/keycloak_usage.md... 5. If administrators wants to switcht from AAA to external Keycloak, there is manual procedure described in https://www.ovirt.org/documentation/administration_guide/index.html#Configur... and https://blogs.ovirt.org/2019/01/federate-ovirt-engine-authentication-to-open... For now the documentation around internal Keycloak instance is available at https://github.com/oVirt/ovirt-engine-keycloak/blob/master/keycloak_usage.md and in the near future it will be incorporated into official oVirt documentation at https://www.ovirt.org/documentation/ For Keycloak related documentation please refer to https://www.keycloak.org/documentation Regards, Martin On Tue, Aug 2, 2022 at 11:21 AM r greg <itforums51@gmail.com> wrote:
Someone has provided me the answer, by login on to keycloak ( https://engine.<FQDN>/ovirt-engine-auth/)
https://github.com/oVirt/ovirt-engine-keycloak/blob/master/keycloak_usage.md _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/253WIFTLQLTGVV...
-- Martin Perina Manager, Software Engineering Red Hat Czech s.r.o.
participants (3)
-
itforums51@gmail.com -
Martin Perina -
r greg