Hello, My name is Adolfo. I'm in charge of the development of UDS, an open source connection broker (with commercial support if requested) (http://www.ovirt.org/Universidad_de_Sevilla_Case_Study is done with it for example). I don't know if this is the place to post this "request for help", if not, please forgive me :) The case is that we are including Spice as an accepted protocol for connecting to VMs (currently we allow rdp, rgs, nx, ...) provided by oVirt, and we have found the following "issue". It's ease to get the connection parameters for the VM using REST api, even get the ticket for allowing connection, but i have been looking for a way "logging user" directly into desktop, not only connect to "display" but also "log in" into remote without needed to use a second authentication. I have seen that oVirt Portal currently allows this, and i have found also that vsdClient can do login using "vdsClient -s <HOSTIP> desktopLogin <VMID> <DOMAIN> <USER> <PASSWORD>", and although it is possible to use this, it will be a bit "tricky" to get it working i think. My question is... ¿Is any way of doing "desktop login" using REST API, or any other "simple method" from an external app such as this broker?. ¿If yes, how? :-) ¿If not, will be support for this an anyone knows how? Thank you, and again, if this is not the correct list, sorry for the annoyance. Adolfo Gómez
This is exactly what the SSO feature is for. http://www.ovirt.org/Features/SSO http://www.ovirt.org/OVirt_Guest_Agent/Single_Sign_On/Windows https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualizat... On Wed, May 6, 2015 at 10:24 PM, Adolfo <agomez@virtualcable.es> wrote:
Hello,
My name is Adolfo. I'm in charge of the development of UDS, an open source connection broker (with commercial support if requested) ( http://www.ovirt.org/Universidad_de_Sevilla_Case_Study is done with it for example).
I don't know if this is the place to post this "request for help", if not, please forgive me :)
The case is that we are including Spice as an accepted protocol for connecting to VMs (currently we allow rdp, rgs, nx, ...) provided by oVirt, and we have found the following "issue".
It's ease to get the connection parameters for the VM using REST api, even get the ticket for allowing connection, but i have been looking for a way "logging user" directly into desktop, not only connect to "display" but also "log in" into remote without needed to use a second authentication.
I have seen that oVirt Portal currently allows this, and i have found also that vsdClient can do login using "vdsClient -s <HOSTIP> desktopLogin <VMID> <DOMAIN> <USER> <PASSWORD>", and although it is possible to use this, it will be a bit "tricky" to get it working i think.
My question is... ¿Is any way of doing "desktop login" using REST API, or any other "simple method" from an external app such as this broker?.
¿If yes, how? :-) ¿If not, will be support for this an anyone knows how?
Thank you, and again, if this is not the correct list, sorry for the annoyance.
Adolfo Gómez
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
This is a multi-part message in MIME format. --------------060104000609020602030104 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit I know, but this all is used from "ovirt portal", and we are only using ovirt api, the portal is provided by own broker :) I'm currently looking at the code of vdsClient, to see if i can replicate the "desktopLogin" feature. This was why i was wondering if this is the place to post this, because it's more related to "development", but not to de development of ovirt itself (or yes, don't know right now... :) ) Thank you Adolfo Gómez El 07/05/2015 a las 4:40, Dan Yasny escribió:
This is exactly what the SSO feature is for.
http://www.ovirt.org/Features/SSO http://www.ovirt.org/OVirt_Guest_Agent/Single_Sign_On/Windows https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualizat...
On Wed, May 6, 2015 at 10:24 PM, Adolfo <agomez@virtualcable.es <mailto:agomez@virtualcable.es>> wrote:
Hello,
My name is Adolfo. I'm in charge of the development of UDS, an open source connection broker (with commercial support if requested) (http://www.ovirt.org/Universidad_de_Sevilla_Case_Study is done with it for example).
I don't know if this is the place to post this "request for help", if not, please forgive me :)
The case is that we are including Spice as an accepted protocol for connecting to VMs (currently we allow rdp, rgs, nx, ...) provided by oVirt, and we have found the following "issue".
It's ease to get the connection parameters for the VM using REST api, even get the ticket for allowing connection, but i have been looking for a way "logging user" directly into desktop, not only connect to "display" but also "log in" into remote without needed to use a second authentication.
I have seen that oVirt Portal currently allows this, and i have found also that vsdClient can do login using "vdsClient -s <HOSTIP> desktopLogin <VMID> <DOMAIN> <USER> <PASSWORD>", and although it is possible to use this, it will be a bit "tricky" to get it working i think.
My question is... ¿Is any way of doing "desktop login" using REST API, or any other "simple method" from an external app such as this broker?.
¿If yes, how? :-) ¿If not, will be support for this an anyone knows how?
Thank you, and again, if this is not the correct list, sorry for the annoyance.
Adolfo Gómez
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
--------------060104000609020602030104 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit <html> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <div class="moz-cite-prefix">I know, but this all is used from "ovirt portal", and we are only using ovirt api, the portal is provided by own broker :)<br> <br> I'm currently looking at the code of vdsClient, to see if i can replicate the "desktopLogin" feature.<br> <br> This was why i was wondering if this is the place to post this, because it's more related to "development", but not to de development of ovirt itself (or yes, don't know right now... :) )<br> <br> Thank you<br> <br> Adolfo Gómez<br> <br> <br> El 07/05/2015 a las 4:40, Dan Yasny escribió:<br> </div> <blockquote cite="mid:CALLXwb4PVoNur2n5L-+farT4NPvRM6CZ348ejXKDreC5KzLUPA@mail.gmail.com" type="cite"> <div dir="ltr">This is exactly what the SSO feature is for. <div><br> </div> <div><a moz-do-not-send="true" href="http://www.ovirt.org/Features/SSO">http://www.ovirt.org/Features/SSO</a></div> <div><a moz-do-not-send="true" href="http://www.ovirt.org/OVirt_Guest_Agent/Single_Sign_On/Windows">http://www.ovirt.org/OVirt_Guest_Agent/Single_Sign_On/Windows</a></div> <div><a moz-do-not-send="true" href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.1/html/Power_User_Portal_Guide/Single_Sign_On-Windows.html">https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.1/html/Power_User_Portal_Guide/Single_Sign_On-Windows.html</a><br> <div><br> </div> <div><br> </div> </div> </div> <div class="gmail_extra"><br> <div class="gmail_quote">On Wed, May 6, 2015 at 10:24 PM, Adolfo <span dir="ltr"><<a moz-do-not-send="true" href="mailto:agomez@virtualcable.es" target="_blank">agomez@virtualcable.es</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br> <br> My name is Adolfo. I'm in charge of the development of UDS, an open source connection broker (with commercial support if requested) (<a moz-do-not-send="true" href="http://www.ovirt.org/Universidad_de_Sevilla_Case_Study" target="_blank">http://www.ovirt.org/Universidad_de_Sevilla_Case_Study</a> is done with it for example).<br> <br> I don't know if this is the place to post this "request for help", if not, please forgive me :)<br> <br> The case is that we are including Spice as an accepted protocol for connecting to VMs (currently we allow rdp, rgs, nx, ...) provided by oVirt, and we have found the following "issue".<br> <br> It's ease to get the connection parameters for the VM using REST api, even get the ticket for allowing connection, but i have been looking for a way "logging user" directly into desktop, not only connect to "display" but also "log in" into remote without needed to use a second authentication.<br> <br> I have seen that oVirt Portal currently allows this, and i have found also that vsdClient can do login using "vdsClient -s <HOSTIP> desktopLogin <VMID> <DOMAIN> <USER> <PASSWORD>", and although it is possible to use this, it will be a bit "tricky" to get it working i think.<br> <br> My question is... ¿Is any way of doing "desktop login" using REST API, or any other "simple method" from an external app such as this broker?.<br> <br> ¿If yes, how? :-)<br> ¿If not, will be support for this an anyone knows how?<br> <br> Thank you, and again, if this is not the correct list, sorry for the annoyance.<br> <br> Adolfo Gómez<br> <br> _______________________________________________<br> Users mailing list<br> <a moz-do-not-send="true" href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br> <a moz-do-not-send="true" href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br> </blockquote> </div> <br> </div> </blockquote> <br> </body> </html> --------------060104000609020602030104--
You can pass the credentials directly to the guest agent using vdsClient on the host, among other things: desktopLock <vmId> Logoff current user desktopLogin <vmId> <domain> <user> <password> Login to vmId desktop using the supplied credentials desktopLogoff <vmId> <force> Lock user session. force should be set to true/false Will probably require key based remote ssh execution, and API calls to the engine, to determine the host and VM UUID On Wed, May 6, 2015 at 10:45 PM, Adolfo <agomez@virtualcable.es> wrote:
I know, but this all is used from "ovirt portal", and we are only using ovirt api, the portal is provided by own broker :)
I'm currently looking at the code of vdsClient, to see if i can replicate the "desktopLogin" feature.
This was why i was wondering if this is the place to post this, because it's more related to "development", but not to de development of ovirt itself (or yes, don't know right now... :) )
Thank you
Adolfo Gómez
El 07/05/2015 a las 4:40, Dan Yasny escribió:
This is exactly what the SSO feature is for.
http://www.ovirt.org/Features/SSO http://www.ovirt.org/OVirt_Guest_Agent/Single_Sign_On/Windows
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualizat...
On Wed, May 6, 2015 at 10:24 PM, Adolfo <agomez@virtualcable.es> wrote:
Hello,
My name is Adolfo. I'm in charge of the development of UDS, an open source connection broker (with commercial support if requested) ( http://www.ovirt.org/Universidad_de_Sevilla_Case_Study is done with it for example).
I don't know if this is the place to post this "request for help", if not, please forgive me :)
The case is that we are including Spice as an accepted protocol for connecting to VMs (currently we allow rdp, rgs, nx, ...) provided by oVirt, and we have found the following "issue".
It's ease to get the connection parameters for the VM using REST api, even get the ticket for allowing connection, but i have been looking for a way "logging user" directly into desktop, not only connect to "display" but also "log in" into remote without needed to use a second authentication.
I have seen that oVirt Portal currently allows this, and i have found also that vsdClient can do login using "vdsClient -s <HOSTIP> desktopLogin <VMID> <DOMAIN> <USER> <PASSWORD>", and although it is possible to use this, it will be a bit "tricky" to get it working i think.
My question is... ¿Is any way of doing "desktop login" using REST API, or any other "simple method" from an external app such as this broker?.
¿If yes, how? :-) ¿If not, will be support for this an anyone knows how?
Thank you, and again, if this is not the correct list, sorry for the annoyance.
Adolfo Gómez
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
This is a multi-part message in MIME format. --------------020602070409040204070000 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Yap, that the solution i was thinking about as "last resort". We have direct connection to engine, and currently we get connection parameters as this (after initializing connection, etc...): display = vm.get_display() ticket = vm.ticket().get_ticket() return { 'type': display.get_type(), 'address': display.get_address(), 'port': display.get_port(), 'secure_port': display.get_secure_port(), 'monitors': display.get_monitors(), 'cert_subject': display.get_certificate().get_subject(), 'ticket': { 'value': ticket.get_value(), 'expiry': ticket.get_expiry() } So we get all we need to connect. (we replace with returned data the ".vv" file created by oVirt admin on connect, and it works). Don't know exactly right now how to use vdsClient code for this, but i have already seen that it uses xmlrcp, so maybe, i can "invoke" the desktopLogin command using directly xmlrpc... will see We will make some tests on this, and let's see what happens Thank you very much for your help ;) Adolfo Gómez El 07/05/2015 a las 4:55, Dan Yasny escribió:
You can pass the credentials directly to the guest agent using vdsClient on the host, among other things:
desktopLock <vmId> Logoff current user desktopLogin <vmId> <domain> <user> <password> Login to vmId desktop using the supplied credentials desktopLogoff <vmId> <force> Lock user session. force should be set to true/false
Will probably require key based remote ssh execution, and API calls to the engine, to determine the host and VM UUID
On Wed, May 6, 2015 at 10:45 PM, Adolfo <agomez@virtualcable.es <mailto:agomez@virtualcable.es>> wrote:
I know, but this all is used from "ovirt portal", and we are only using ovirt api, the portal is provided by own broker :)
I'm currently looking at the code of vdsClient, to see if i can replicate the "desktopLogin" feature.
This was why i was wondering if this is the place to post this, because it's more related to "development", but not to de development of ovirt itself (or yes, don't know right now... :) )
Thank you
Adolfo Gómez
El 07/05/2015 a las 4:40, Dan Yasny escribió:
This is exactly what the SSO feature is for.
http://www.ovirt.org/Features/SSO http://www.ovirt.org/OVirt_Guest_Agent/Single_Sign_On/Windows https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualizat...
On Wed, May 6, 2015 at 10:24 PM, Adolfo <agomez@virtualcable.es <mailto:agomez@virtualcable.es>> wrote:
Hello,
My name is Adolfo. I'm in charge of the development of UDS, an open source connection broker (with commercial support if requested) (http://www.ovirt.org/Universidad_de_Sevilla_Case_Study is done with it for example).
I don't know if this is the place to post this "request for help", if not, please forgive me :)
The case is that we are including Spice as an accepted protocol for connecting to VMs (currently we allow rdp, rgs, nx, ...) provided by oVirt, and we have found the following "issue".
It's ease to get the connection parameters for the VM using REST api, even get the ticket for allowing connection, but i have been looking for a way "logging user" directly into desktop, not only connect to "display" but also "log in" into remote without needed to use a second authentication.
I have seen that oVirt Portal currently allows this, and i have found also that vsdClient can do login using "vdsClient -s <HOSTIP> desktopLogin <VMID> <DOMAIN> <USER> <PASSWORD>", and although it is possible to use this, it will be a bit "tricky" to get it working i think.
My question is... ¿Is any way of doing "desktop login" using REST API, or any other "simple method" from an external app such as this broker?.
¿If yes, how? :-) ¿If not, will be support for this an anyone knows how?
Thank you, and again, if this is not the correct list, sorry for the annoyance.
Adolfo Gómez
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
--------------020602070409040204070000 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit <html> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <div class="moz-cite-prefix">Yap, that the solution i was thinking about as "last resort".<br> <br> We have direct connection to engine, and currently we get connection parameters as this (after initializing connection, etc...):<br> <br> <br> display = vm.get_display()<br> ticket = vm.ticket().get_ticket()<br> return {<br> 'type': display.get_type(),<br> 'address': display.get_address(),<br> 'port': display.get_port(),<br> 'secure_port': display.get_secure_port(),<br> 'monitors': display.get_monitors(),<br> 'cert_subject': display.get_certificate().get_subject(),<br> 'ticket': {<br> 'value': ticket.get_value(),<br> 'expiry': ticket.get_expiry()<br> }<br> <br> So we get all we need to connect. (we replace with returned data the ".vv" file created by oVirt admin on connect, and it works). Don't know exactly right now how to use vdsClient code for this, but i have already seen that it uses xmlrcp, so maybe, i can "invoke" the desktopLogin command using directly xmlrpc... will see<br> <br> We will make some tests on this, and let's see what happens<br> <br> Thank you very much for your help ;)<br> <br> Adolfo Gómez<br> <br> El 07/05/2015 a las 4:55, Dan Yasny escribió:<br> </div> <blockquote cite="mid:CALLXwb5Sb4gqiQaVhzDjQRaBHEC2k8BOzRo_e_BC+_b59ym41Q@mail.gmail.com" type="cite"> <div dir="ltr">You can pass the credentials directly to the guest agent using vdsClient on the host, among other things: <div><br> </div> <div> <div>desktopLock</div> <div> <vmId></div> <div> Logoff current user</div> <div>desktopLogin</div> <div> <vmId> <domain> <user> <password></div> <div> Login to vmId desktop using the supplied credentials</div> <div>desktopLogoff</div> <div> <vmId> <force></div> <div> Lock user session. force should be set to true/false</div> </div> <div><br> </div> <div>Will probably require key based remote ssh execution, and API calls to the engine, to determine the host and VM UUID</div> </div> <div class="gmail_extra"><br> <div class="gmail_quote">On Wed, May 6, 2015 at 10:45 PM, Adolfo <span dir="ltr"><<a moz-do-not-send="true" href="mailto:agomez@virtualcable.es" target="_blank">agomez@virtualcable.es</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div bgcolor="#FFFFFF" text="#000000"> <div>I know, but this all is used from "ovirt portal", and we are only using ovirt api, the portal is provided by own broker :)<br> <br> I'm currently looking at the code of vdsClient, to see if i can replicate the "desktopLogin" feature.<br> <br> This was why i was wondering if this is the place to post this, because it's more related to "development", but not to de development of ovirt itself (or yes, don't know right now... :) )<br> <br> Thank you<br> <br> Adolfo Gómez <div> <div class="h5"><br> <br> <br> El 07/05/2015 a las 4:40, Dan Yasny escribió:<br> </div> </div> </div> <div> <div class="h5"> <blockquote type="cite"> <div dir="ltr">This is exactly what the SSO feature is for. <div><br> </div> <div><a moz-do-not-send="true" href="http://www.ovirt.org/Features/SSO" target="_blank">http://www.ovirt.org/Features/SSO</a></div> <div><a moz-do-not-send="true" href="http://www.ovirt.org/OVirt_Guest_Agent/Single_Sign_On/Windows" target="_blank">http://www.ovirt.org/OVirt_Guest_Agent/Single_Sign_On/Windows</a></div> <div><a moz-do-not-send="true" href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualizat..." target="_blank">https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.1/html/Power_User_Portal_Guide/Single_Sign_On-Windows.html</a><br> <div><br> </div> <div><br> </div> </div> </div> <div class="gmail_extra"><br> <div class="gmail_quote">On Wed, May 6, 2015 at 10:24 PM, Adolfo <span dir="ltr"><<a moz-do-not-send="true" href="mailto:agomez@virtualcable.es" target="_blank">agomez@virtualcable.es</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br> <br> My name is Adolfo. I'm in charge of the development of UDS, an open source connection broker (with commercial support if requested) (<a moz-do-not-send="true" href="http://www.ovirt.org/Universidad_de_Sevilla_Case_Study" target="_blank">http://www.ovirt.org/Universidad_de_Sevilla_Case_Study</a> is done with it for example).<br> <br> I don't know if this is the place to post this "request for help", if not, please forgive me :)<br> <br> The case is that we are including Spice as an accepted protocol for connecting to VMs (currently we allow rdp, rgs, nx, ...) provided by oVirt, and we have found the following "issue".<br> <br> It's ease to get the connection parameters for the VM using REST api, even get the ticket for allowing connection, but i have been looking for a way "logging user" directly into desktop, not only connect to "display" but also "log in" into remote without needed to use a second authentication.<br> <br> I have seen that oVirt Portal currently allows this, and i have found also that vsdClient can do login using "vdsClient -s <HOSTIP> desktopLogin <VMID> <DOMAIN> <USER> <PASSWORD>", and although it is possible to use this, it will be a bit "tricky" to get it working i think.<br> <br> My question is... ¿Is any way of doing "desktop login" using REST API, or any other "simple method" from an external app such as this broker?.<br> <br> ¿If yes, how? :-)<br> ¿If not, will be support for this an anyone knows how?<br> <br> Thank you, and again, if this is not the correct list, sorry for the annoyance.<br> <br> Adolfo Gómez<br> <br> _______________________________________________<br> Users mailing list<br> <a moz-do-not-send="true" href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br> <a moz-do-not-send="true" href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br> </blockquote> </div> <br> </div> </blockquote> <br> </div> </div> </div> </blockquote> </div> <br> </div> </blockquote> <br> </body> </html> --------------020602070409040204070000--
...and it looks like in the latest versions the REST API has */vms/{vmid}/logon* *https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualizat... <https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.5/html/Technical_Guide/sect-Actions5.html#Enable_user_logon_to_access_a_virtual_machine_from_an_external_console>* On Wed, May 6, 2015 at 10:55 PM, Dan Yasny <dyasny@gmail.com> wrote:
You can pass the credentials directly to the guest agent using vdsClient on the host, among other things:
desktopLock <vmId> Logoff current user desktopLogin <vmId> <domain> <user> <password> Login to vmId desktop using the supplied credentials desktopLogoff <vmId> <force> Lock user session. force should be set to true/false
Will probably require key based remote ssh execution, and API calls to the engine, to determine the host and VM UUID
On Wed, May 6, 2015 at 10:45 PM, Adolfo <agomez@virtualcable.es> wrote:
I know, but this all is used from "ovirt portal", and we are only using ovirt api, the portal is provided by own broker :)
I'm currently looking at the code of vdsClient, to see if i can replicate the "desktopLogin" feature.
This was why i was wondering if this is the place to post this, because it's more related to "development", but not to de development of ovirt itself (or yes, don't know right now... :) )
Thank you
Adolfo Gómez
El 07/05/2015 a las 4:40, Dan Yasny escribió:
This is exactly what the SSO feature is for.
http://www.ovirt.org/Features/SSO http://www.ovirt.org/OVirt_Guest_Agent/Single_Sign_On/Windows
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualizat...
On Wed, May 6, 2015 at 10:24 PM, Adolfo <agomez@virtualcable.es> wrote:
Hello,
My name is Adolfo. I'm in charge of the development of UDS, an open source connection broker (with commercial support if requested) ( http://www.ovirt.org/Universidad_de_Sevilla_Case_Study is done with it for example).
I don't know if this is the place to post this "request for help", if not, please forgive me :)
The case is that we are including Spice as an accepted protocol for connecting to VMs (currently we allow rdp, rgs, nx, ...) provided by oVirt, and we have found the following "issue".
It's ease to get the connection parameters for the VM using REST api, even get the ticket for allowing connection, but i have been looking for a way "logging user" directly into desktop, not only connect to "display" but also "log in" into remote without needed to use a second authentication.
I have seen that oVirt Portal currently allows this, and i have found also that vsdClient can do login using "vdsClient -s <HOSTIP> desktopLogin <VMID> <DOMAIN> <USER> <PASSWORD>", and although it is possible to use this, it will be a bit "tricky" to get it working i think.
My question is... ¿Is any way of doing "desktop login" using REST API, or any other "simple method" from an external app such as this broker?.
¿If yes, how? :-) ¿If not, will be support for this an anyone knows how?
Thank you, and again, if this is not the correct list, sorry for the annoyance.
Adolfo Gómez
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
This is a multi-part message in MIME format. --------------060408000902060401070107 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit O.o that is what i was looking for!!!... Has to take a BIG look at it... ;) Thank you very much again, i was looking for this, but after "googling" a lot didn't found it!!! ;) Adolfo Gómez El 07/05/2015 a las 5:05, Dan Yasny escribió:
...and it looks like in the latest versions the REST API has //vms/{vmid}/logon/ / / /https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualizat... /
On Wed, May 6, 2015 at 10:55 PM, Dan Yasny <dyasny@gmail.com <mailto:dyasny@gmail.com>> wrote:
You can pass the credentials directly to the guest agent using vdsClient on the host, among other things:
desktopLock <vmId> Logoff current user desktopLogin <vmId> <domain> <user> <password> Login to vmId desktop using the supplied credentials desktopLogoff <vmId> <force> Lock user session. force should be set to true/false
Will probably require key based remote ssh execution, and API calls to the engine, to determine the host and VM UUID
On Wed, May 6, 2015 at 10:45 PM, Adolfo <agomez@virtualcable.es <mailto:agomez@virtualcable.es>> wrote:
I know, but this all is used from "ovirt portal", and we are only using ovirt api, the portal is provided by own broker :)
I'm currently looking at the code of vdsClient, to see if i can replicate the "desktopLogin" feature.
This was why i was wondering if this is the place to post this, because it's more related to "development", but not to de development of ovirt itself (or yes, don't know right now... :) )
Thank you
Adolfo Gómez
El 07/05/2015 a las 4:40, Dan Yasny escribió:
This is exactly what the SSO feature is for.
http://www.ovirt.org/Features/SSO http://www.ovirt.org/OVirt_Guest_Agent/Single_Sign_On/Windows https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualizat...
On Wed, May 6, 2015 at 10:24 PM, Adolfo <agomez@virtualcable.es <mailto:agomez@virtualcable.es>> wrote:
Hello,
My name is Adolfo. I'm in charge of the development of UDS, an open source connection broker (with commercial support if requested) (http://www.ovirt.org/Universidad_de_Sevilla_Case_Study is done with it for example).
I don't know if this is the place to post this "request for help", if not, please forgive me :)
The case is that we are including Spice as an accepted protocol for connecting to VMs (currently we allow rdp, rgs, nx, ...) provided by oVirt, and we have found the following "issue".
It's ease to get the connection parameters for the VM using REST api, even get the ticket for allowing connection, but i have been looking for a way "logging user" directly into desktop, not only connect to "display" but also "log in" into remote without needed to use a second authentication.
I have seen that oVirt Portal currently allows this, and i have found also that vsdClient can do login using "vdsClient -s <HOSTIP> desktopLogin <VMID> <DOMAIN> <USER> <PASSWORD>", and although it is possible to use this, it will be a bit "tricky" to get it working i think.
My question is... ¿Is any way of doing "desktop login" using REST API, or any other "simple method" from an external app such as this broker?.
¿If yes, how? :-) ¿If not, will be support for this an anyone knows how?
Thank you, and again, if this is not the correct list, sorry for the annoyance.
Adolfo Gómez
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
--------------060408000902060401070107 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit <html> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <div class="moz-cite-prefix">O.o that is what i was looking for!!!... Has to take a BIG look at it... ;)<br> <br> Thank you very much again, i was looking for this, but after "googling" a lot didn't found it!!! ;)<br> <br> Adolfo Gómez<br> <br> <br> El 07/05/2015 a las 5:05, Dan Yasny escribió:<br> </div> <blockquote cite="mid:CALLXwb6Mdtqky4TN8Dp7U187VuyrBtpQ=viYQGh7b+cR8aK1+g@mail.gmail.com" type="cite"> <div dir="ltr">...and it looks like in the latest versions the REST API has <i style="color:rgb(0,0,0);white-space:pre-wrap">/vms/{vmid}/logon</i> <div><i style="color:rgb(0,0,0);white-space:pre-wrap"><br> </i></div> <div><i style=""><font color="#000000"><span style="white-space:pre-wrap"><a moz-do-not-send="true" href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.5/html/Technical_Guide/sect-Actions5.html#Enable_user_logon_to_access_a_virtual_machine_from_an_external_console">https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.5/html/Technical_Guide/sect-Actions5.html#Enable_user_logon_to_access_a_virtual_machine_from_an_external_console</a></span></font><br> </i></div> </div> <div class="gmail_extra"><br> <div class="gmail_quote">On Wed, May 6, 2015 at 10:55 PM, Dan Yasny <span dir="ltr"><<a moz-do-not-send="true" href="mailto:dyasny@gmail.com" target="_blank">dyasny@gmail.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div dir="ltr">You can pass the credentials directly to the guest agent using vdsClient on the host, among other things: <div><br> </div> <div> <div>desktopLock</div> <div> <vmId></div> <div> Logoff current user</div> <div>desktopLogin</div> <div> <vmId> <domain> <user> <password></div> <div> Login to vmId desktop using the supplied credentials</div> <div>desktopLogoff</div> <div> <vmId> <force></div> <div> Lock user session. force should be set to true/false</div> </div> <div><br> </div> <div>Will probably require key based remote ssh execution, and API calls to the engine, to determine the host and VM UUID</div> </div> <div class="HOEnZb"> <div class="h5"> <div class="gmail_extra"><br> <div class="gmail_quote">On Wed, May 6, 2015 at 10:45 PM, Adolfo <span dir="ltr"><<a moz-do-not-send="true" href="mailto:agomez@virtualcable.es" target="_blank">agomez@virtualcable.es</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div bgcolor="#FFFFFF" text="#000000"> <div>I know, but this all is used from "ovirt portal", and we are only using ovirt api, the portal is provided by own broker :)<br> <br> I'm currently looking at the code of vdsClient, to see if i can replicate the "desktopLogin" feature.<br> <br> This was why i was wondering if this is the place to post this, because it's more related to "development", but not to de development of ovirt itself (or yes, don't know right now... :) )<br> <br> Thank you<br> <br> Adolfo Gómez <div> <div><br> <br> <br> El 07/05/2015 a las 4:40, Dan Yasny escribió:<br> </div> </div> </div> <div> <div> <blockquote type="cite"> <div dir="ltr">This is exactly what the SSO feature is for. <div><br> </div> <div><a moz-do-not-send="true" href="http://www.ovirt.org/Features/SSO" target="_blank">http://www.ovirt.org/Features/SSO</a></div> <div><a moz-do-not-send="true" href="http://www.ovirt.org/OVirt_Guest_Agent/Single_Sign_On/Windows" target="_blank">http://www.ovirt.org/OVirt_Guest_Agent/Single_Sign_On/Windows</a></div> <div><a moz-do-not-send="true" href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualizat..." target="_blank">https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.1/html/Power_User_Portal_Guide/Single_Sign_On-Windows.html</a><br> <div><br> </div> <div><br> </div> </div> </div> <div class="gmail_extra"><br> <div class="gmail_quote">On Wed, May 6, 2015 at 10:24 PM, Adolfo <span dir="ltr"><<a moz-do-not-send="true" href="mailto:agomez@virtualcable.es" target="_blank">agomez@virtualcable.es</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br> <br> My name is Adolfo. I'm in charge of the development of UDS, an open source connection broker (with commercial support if requested) (<a moz-do-not-send="true" href="http://www.ovirt.org/Universidad_de_Sevilla_Case_Study" target="_blank">http://www.ovirt.org/Universidad_de_Sevilla_Case_Study</a> is done with it for example).<br> <br> I don't know if this is the place to post this "request for help", if not, please forgive me :)<br> <br> The case is that we are including Spice as an accepted protocol for connecting to VMs (currently we allow rdp, rgs, nx, ...) provided by oVirt, and we have found the following "issue".<br> <br> It's ease to get the connection parameters for the VM using REST api, even get the ticket for allowing connection, but i have been looking for a way "logging user" directly into desktop, not only connect to "display" but also "log in" into remote without needed to use a second authentication.<br> <br> I have seen that oVirt Portal currently allows this, and i have found also that vsdClient can do login using "vdsClient -s <HOSTIP> desktopLogin <VMID> <DOMAIN> <USER> <PASSWORD>", and although it is possible to use this, it will be a bit "tricky" to get it working i think.<br> <br> My question is... ¿Is any way of doing "desktop login" using REST API, or any other "simple method" from an external app such as this broker?.<br> <br> ¿If yes, how? :-)<br> ¿If not, will be support for this an anyone knows how?<br> <br> Thank you, and again, if this is not the correct list, sorry for the annoyance.<br> <br> Adolfo Gómez<br> <br> _______________________________________________<br> Users mailing list<br> <a moz-do-not-send="true" href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br> <a moz-do-not-send="true" href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br> </blockquote> </div> <br> </div> </blockquote> <br> </div> </div> </div> </blockquote> </div> <br> </div> </div> </div> </blockquote> </div> <br> </div> </blockquote> <br> </body> </html> --------------060408000902060401070107--
This is a multi-part message in MIME format. --------------040103060309060801090700 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit :`(... after looking at this, this is not what i was looking for (but almost). This API call seems to make logon on desktop using "the credentials of the client. I mean, we can't pass the user credentials (as with vdsClient), ovirt takes them from their own. (I think that from user that makes the API call). I need to pass the "username" "password" "domain" data in a way similar to this, but be able to do it without registering the user inside ovirt, making a call with the users credentials, etc... so back to beginning i guess... :( Anyway, thank you very much for taking your time for helping me ;-) Regards, Adolfo gómez El 07/05/2015 a las 5:10, Adolfo escribió:
O.o that is what i was looking for!!!... Has to take a BIG look at it... ;)
Thank you very much again, i was looking for this, but after "googling" a lot didn't found it!!! ;)
Adolfo Gómez
El 07/05/2015 a las 5:05, Dan Yasny escribió:
...and it looks like in the latest versions the REST API has //vms/{vmid}/logon/ / / /https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualizat... /
On Wed, May 6, 2015 at 10:55 PM, Dan Yasny <dyasny@gmail.com <mailto:dyasny@gmail.com>> wrote:
You can pass the credentials directly to the guest agent using vdsClient on the host, among other things:
desktopLock <vmId> Logoff current user desktopLogin <vmId> <domain> <user> <password> Login to vmId desktop using the supplied credentials desktopLogoff <vmId> <force> Lock user session. force should be set to true/false
Will probably require key based remote ssh execution, and API calls to the engine, to determine the host and VM UUID
On Wed, May 6, 2015 at 10:45 PM, Adolfo <agomez@virtualcable.es <mailto:agomez@virtualcable.es>> wrote:
I know, but this all is used from "ovirt portal", and we are only using ovirt api, the portal is provided by own broker :)
I'm currently looking at the code of vdsClient, to see if i can replicate the "desktopLogin" feature.
This was why i was wondering if this is the place to post this, because it's more related to "development", but not to de development of ovirt itself (or yes, don't know right now... :) )
Thank you
Adolfo Gómez
El 07/05/2015 a las 4:40, Dan Yasny escribió:
This is exactly what the SSO feature is for.
http://www.ovirt.org/Features/SSO http://www.ovirt.org/OVirt_Guest_Agent/Single_Sign_On/Windows https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualizat...
On Wed, May 6, 2015 at 10:24 PM, Adolfo <agomez@virtualcable.es <mailto:agomez@virtualcable.es>> wrote:
Hello,
My name is Adolfo. I'm in charge of the development of UDS, an open source connection broker (with commercial support if requested) (http://www.ovirt.org/Universidad_de_Sevilla_Case_Study is done with it for example).
I don't know if this is the place to post this "request for help", if not, please forgive me :)
The case is that we are including Spice as an accepted protocol for connecting to VMs (currently we allow rdp, rgs, nx, ...) provided by oVirt, and we have found the following "issue".
It's ease to get the connection parameters for the VM using REST api, even get the ticket for allowing connection, but i have been looking for a way "logging user" directly into desktop, not only connect to "display" but also "log in" into remote without needed to use a second authentication.
I have seen that oVirt Portal currently allows this, and i have found also that vsdClient can do login using "vdsClient -s <HOSTIP> desktopLogin <VMID> <DOMAIN> <USER> <PASSWORD>", and although it is possible to use this, it will be a bit "tricky" to get it working i think.
My question is... ¿Is any way of doing "desktop login" using REST API, or any other "simple method" from an external app such as this broker?.
¿If yes, how? :-) ¿If not, will be support for this an anyone knows how?
Thank you, and again, if this is not the correct list, sorry for the annoyance.
Adolfo Gómez
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
--------------040103060309060801090700 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit <html> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <div class="moz-cite-prefix">:`(... after looking at this, this is not what i was looking for (but almost).<br> <br> This API call seems to make logon on desktop using "the credentials of the client. I mean, we can't pass the user credentials (as with vdsClient), ovirt takes them from their own. (I think that from user that makes the API call).<br> <br> I need to pass the "username" "password" "domain" data in a way similar to this, but be able to do it without registering the user inside ovirt, making a call with the users credentials, etc... so back to beginning i guess... :(<br> <br> Anyway, thank you very much for taking your time for helping me ;-)<br> <br> Regards,<br> <br> Adolfo gómez<br> <br> <br> El 07/05/2015 a las 5:10, Adolfo escribió:<br> </div> <blockquote cite="mid:554AD78C.7080705@virtualcable.es" type="cite"> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <div class="moz-cite-prefix">O.o that is what i was looking for!!!... Has to take a BIG look at it... ;)<br> <br> Thank you very much again, i was looking for this, but after "googling" a lot didn't found it!!! ;)<br> <br> Adolfo Gómez<br> <br> <br> El 07/05/2015 a las 5:05, Dan Yasny escribió:<br> </div> <blockquote cite="mid:CALLXwb6Mdtqky4TN8Dp7U187VuyrBtpQ=viYQGh7b+cR8aK1+g@mail.gmail.com" type="cite"> <div dir="ltr">...and it looks like in the latest versions the REST API has <i style="color:rgb(0,0,0);white-space:pre-wrap">/vms/{vmid}/logon</i> <div><i style="color:rgb(0,0,0);white-space:pre-wrap"><br> </i></div> <div><i style=""><font color="#000000"><span style="white-space:pre-wrap"><a moz-do-not-send="true" href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.5/html/Technical_Guide/sect-Actions5.html#Enable_user_logon_to_access_a_virtual_machine_from_an_external_console">https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.5/html/Technical_Guide/sect-Actions5.html#Enable_user_logon_to_access_a_virtual_machine_from_an_external_console</a></span></font><br> </i></div> </div> <div class="gmail_extra"><br> <div class="gmail_quote">On Wed, May 6, 2015 at 10:55 PM, Dan Yasny <span dir="ltr"><<a moz-do-not-send="true" href="mailto:dyasny@gmail.com" target="_blank">dyasny@gmail.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div dir="ltr">You can pass the credentials directly to the guest agent using vdsClient on the host, among other things: <div><br> </div> <div> <div>desktopLock</div> <div> <vmId></div> <div> Logoff current user</div> <div>desktopLogin</div> <div> <vmId> <domain> <user> <password></div> <div> Login to vmId desktop using the supplied credentials</div> <div>desktopLogoff</div> <div> <vmId> <force></div> <div> Lock user session. force should be set to true/false</div> </div> <div><br> </div> <div>Will probably require key based remote ssh execution, and API calls to the engine, to determine the host and VM UUID</div> </div> <div class="HOEnZb"> <div class="h5"> <div class="gmail_extra"><br> <div class="gmail_quote">On Wed, May 6, 2015 at 10:45 PM, Adolfo <span dir="ltr"><<a moz-do-not-send="true" href="mailto:agomez@virtualcable.es" target="_blank">agomez@virtualcable.es</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div bgcolor="#FFFFFF" text="#000000"> <div>I know, but this all is used from "ovirt portal", and we are only using ovirt api, the portal is provided by own broker :)<br> <br> I'm currently looking at the code of vdsClient, to see if i can replicate the "desktopLogin" feature.<br> <br> This was why i was wondering if this is the place to post this, because it's more related to "development", but not to de development of ovirt itself (or yes, don't know right now... :) )<br> <br> Thank you<br> <br> Adolfo Gómez <div> <div><br> <br> <br> El 07/05/2015 a las 4:40, Dan Yasny escribió:<br> </div> </div> </div> <div> <div> <blockquote type="cite"> <div dir="ltr">This is exactly what the SSO feature is for. <div><br> </div> <div><a moz-do-not-send="true" href="http://www.ovirt.org/Features/SSO" target="_blank">http://www.ovirt.org/Features/SSO</a></div> <div><a moz-do-not-send="true" href="http://www.ovirt.org/OVirt_Guest_Agent/Single_Sign_On/Windows" target="_blank">http://www.ovirt.org/OVirt_Guest_Agent/Single_Sign_On/Windows</a></div> <div><a moz-do-not-send="true" href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualizat..." target="_blank">https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.1/html/Power_User_Portal_Guide/Single_Sign_On-Windows.html</a><br> <div><br> </div> <div><br> </div> </div> </div> <div class="gmail_extra"><br> <div class="gmail_quote">On Wed, May 6, 2015 at 10:24 PM, Adolfo <span dir="ltr"><<a moz-do-not-send="true" href="mailto:agomez@virtualcable.es" target="_blank">agomez@virtualcable.es</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br> <br> My name is Adolfo. I'm in charge of the development of UDS, an open source connection broker (with commercial support if requested) (<a moz-do-not-send="true" href="http://www.ovirt.org/Universidad_de_Sevilla_Case_Study" target="_blank">http://www.ovirt.org/Universidad_de_Sevilla_Case_Study</a> is done with it for example).<br> <br> I don't know if this is the place to post this "request for help", if not, please forgive me :)<br> <br> The case is that we are including Spice as an accepted protocol for connecting to VMs (currently we allow rdp, rgs, nx, ...) provided by oVirt, and we have found the following "issue".<br> <br> It's ease to get the connection parameters for the VM using REST api, even get the ticket for allowing connection, but i have been looking for a way "logging user" directly into desktop, not only connect to "display" but also "log in" into remote without needed to use a second authentication.<br> <br> I have seen that oVirt Portal currently allows this, and i have found also that vsdClient can do login using "vdsClient -s <HOSTIP> desktopLogin <VMID> <DOMAIN> <USER> <PASSWORD>", and although it is possible to use this, it will be a bit "tricky" to get it working i think.<br> <br> My question is... ¿Is any way of doing "desktop login" using REST API, or any other "simple method" from an external app such as this broker?.<br> <br> ¿If yes, how? :-)<br> ¿If not, will be support for this an anyone knows how?<br> <br> Thank you, and again, if this is not the correct list, sorry for the annoyance.<br> <br> Adolfo Gómez<br> <br> _______________________________________________<br> Users mailing list<br> <a moz-do-not-send="true" href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br> <a moz-do-not-send="true" href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br> </blockquote> </div> <br> </div> </blockquote> <br> </div> </div> </div> </blockquote> </div> <br> </div> </div> </div> </blockquote> </div> <br> </div> </blockquote> <br> </blockquote> <br> </body> </html> --------------040103060309060801090700--
On 05/07/2015 05:25 AM, Adolfo wrote:
:`(... after looking at this, this is not what i was looking for (but almost).
This API call seems to make logon on desktop using "the credentials of the client. I mean, we can't pass the user credentials (as with vdsClient), ovirt takes them from their own. (I think that from user that makes the API call).
I need to pass the "username" "password" "domain" data in a way similar to this, but be able to do it without registering the user inside ovirt, making a call with the users credentials, etc... so back to beginning i guess... :(
Anyway, thank you very much for taking your time for helping me ;-)
Regards,
Adolfo gómez
If your broker has the credentials of the user then you can connect to the API using those credentials, and invoke the "logon" operation, something like this: ---8<--- #!/bin/sh -ex curl \ --verbose \ --cacert /the/path/to/the/ca/cert \ --request POST \ --user "myuser@mydomain:mypassword" \ --header "Content-Type: application/xml" \ --header "Accept: application/xml" \ --data ' <action/> ' \ "https://engine.example.com/ovirt-engine/api/vms/myvm/login" --->8---
El 07/05/2015 a las 5:10, Adolfo escribió:
O.o that is what i was looking for!!!... Has to take a BIG look at it... ;)
Thank you very much again, i was looking for this, but after "googling" a lot didn't found it!!! ;)
Adolfo Gómez
El 07/05/2015 a las 5:05, Dan Yasny escribió:
...and it looks like in the latest versions the REST API has //vms/{vmid}/logon/ / / /https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualizat... /
On Wed, May 6, 2015 at 10:55 PM, Dan Yasny <dyasny@gmail.com <mailto:dyasny@gmail.com>> wrote:
You can pass the credentials directly to the guest agent using vdsClient on the host, among other things:
desktopLock <vmId> Logoff current user desktopLogin <vmId> <domain> <user> <password> Login to vmId desktop using the supplied credentials desktopLogoff <vmId> <force> Lock user session. force should be set to true/false
Will probably require key based remote ssh execution, and API calls to the engine, to determine the host and VM UUID
On Wed, May 6, 2015 at 10:45 PM, Adolfo <agomez@virtualcable.es <mailto:agomez@virtualcable.es>> wrote:
I know, but this all is used from "ovirt portal", and we are only using ovirt api, the portal is provided by own broker :)
I'm currently looking at the code of vdsClient, to see if i can replicate the "desktopLogin" feature.
This was why i was wondering if this is the place to post this, because it's more related to "development", but not to de development of ovirt itself (or yes, don't know right now... :) )
Thank you
Adolfo Gómez
El 07/05/2015 a las 4:40, Dan Yasny escribió:
This is exactly what the SSO feature is for.
http://www.ovirt.org/Features/SSO http://www.ovirt.org/OVirt_Guest_Agent/Single_Sign_On/Windows https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualizat...
On Wed, May 6, 2015 at 10:24 PM, Adolfo <agomez@virtualcable.es <mailto:agomez@virtualcable.es>> wrote:
Hello,
My name is Adolfo. I'm in charge of the development of UDS, an open source connection broker (with commercial support if requested) (http://www.ovirt.org/Universidad_de_Sevilla_Case_Study is done with it for example).
I don't know if this is the place to post this "request for help", if not, please forgive me :)
The case is that we are including Spice as an accepted protocol for connecting to VMs (currently we allow rdp, rgs, nx, ...) provided by oVirt, and we have found the following "issue".
It's ease to get the connection parameters for the VM using REST api, even get the ticket for allowing connection, but i have been looking for a way "logging user" directly into desktop, not only connect to "display" but also "log in" into remote without needed to use a second authentication.
I have seen that oVirt Portal currently allows this, and i have found also that vsdClient can do login using "vdsClient -s <HOSTIP> desktopLogin <VMID> <DOMAIN> <USER> <PASSWORD>", and although it is possible to use this, it will be a bit "tricky" to get it working i think.
My question is... ¿Is any way of doing "desktop login" using REST API, or any other "simple method" from an external app such as this broker?.
¿If yes, how? :-) ¿If not, will be support for this an anyone knows how?
Thank you, and again, if this is not the correct list, sorry for the annoyance.
Adolfo Gómez
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta 3ºD, 28016 Madrid, Spain Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
Thank you very much. The problem is that the broker supports a wide variety of authenticators, and the users that logins UDS are not oVirt users... :(. (I.e. we support SAML as auth, o eDirectory users, and UDS users are not registered inside oVirt, i mean, they are not oVirt users) The easier way is that API exposes "vdsClient", but it did not.. (maybe i need a post on devel list)? Right now, i'm going to try to connect using or vdsClient or, if i can, the XMLRPC interface... I have to do some tests... Thank you very much for your help ;-) Regards, Adolfo Gómez El 07/05/2015 a las 11:29, Juan Hernández escribió:
On 05/07/2015 05:25 AM, Adolfo wrote:
:`(... after looking at this, this is not what i was looking for (but almost).
This API call seems to make logon on desktop using "the credentials of the client. I mean, we can't pass the user credentials (as with vdsClient), ovirt takes them from their own. (I think that from user that makes the API call).
I need to pass the "username" "password" "domain" data in a way similar to this, but be able to do it without registering the user inside ovirt, making a call with the users credentials, etc... so back to beginning i guess... :(
Anyway, thank you very much for taking your time for helping me ;-)
Regards,
Adolfo gómez
If your broker has the credentials of the user then you can connect to the API using those credentials, and invoke the "logon" operation, something like this:
---8<--- #!/bin/sh -ex
curl \ --verbose \ --cacert /the/path/to/the/ca/cert \ --request POST \ --user "myuser@mydomain:mypassword" \ --header "Content-Type: application/xml" \ --header "Accept: application/xml" \ --data ' <action/> ' \ "https://engine.example.com/ovirt-engine/api/vms/myvm/login" --->8---
El 07/05/2015 a las 5:10, Adolfo escribió:
O.o that is what i was looking for!!!... Has to take a BIG look at it... ;)
Thank you very much again, i was looking for this, but after "googling" a lot didn't found it!!! ;)
Adolfo Gómez
El 07/05/2015 a las 5:05, Dan Yasny escribió:
...and it looks like in the latest versions the REST API has //vms/{vmid}/logon/ / / /https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualizat... /
On Wed, May 6, 2015 at 10:55 PM, Dan Yasny <dyasny@gmail.com <mailto:dyasny@gmail.com>> wrote:
You can pass the credentials directly to the guest agent using vdsClient on the host, among other things:
desktopLock <vmId> Logoff current user desktopLogin <vmId> <domain> <user> <password> Login to vmId desktop using the supplied credentials desktopLogoff <vmId> <force> Lock user session. force should be set to true/false
Will probably require key based remote ssh execution, and API calls to the engine, to determine the host and VM UUID
On Wed, May 6, 2015 at 10:45 PM, Adolfo <agomez@virtualcable.es <mailto:agomez@virtualcable.es>> wrote:
I know, but this all is used from "ovirt portal", and we are only using ovirt api, the portal is provided by own broker :)
I'm currently looking at the code of vdsClient, to see if i can replicate the "desktopLogin" feature.
This was why i was wondering if this is the place to post this, because it's more related to "development", but not to de development of ovirt itself (or yes, don't know right now... :) )
Thank you
Adolfo Gómez
El 07/05/2015 a las 4:40, Dan Yasny escribió:
This is exactly what the SSO feature is for.
http://www.ovirt.org/Features/SSO http://www.ovirt.org/OVirt_Guest_Agent/Single_Sign_On/Windows https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualizat...
On Wed, May 6, 2015 at 10:24 PM, Adolfo <agomez@virtualcable.es <mailto:agomez@virtualcable.es>> wrote:
Hello,
My name is Adolfo. I'm in charge of the development of UDS, an open source connection broker (with commercial support if requested) (http://www.ovirt.org/Universidad_de_Sevilla_Case_Study is done with it for example).
I don't know if this is the place to post this "request for help", if not, please forgive me :)
The case is that we are including Spice as an accepted protocol for connecting to VMs (currently we allow rdp, rgs, nx, ...) provided by oVirt, and we have found the following "issue".
It's ease to get the connection parameters for the VM using REST api, even get the ticket for allowing connection, but i have been looking for a way "logging user" directly into desktop, not only connect to "display" but also "log in" into remote without needed to use a second authentication.
I have seen that oVirt Portal currently allows this, and i have found also that vsdClient can do login using "vdsClient -s <HOSTIP> desktopLogin <VMID> <DOMAIN> <USER> <PASSWORD>", and although it is possible to use this, it will be a bit "tricky" to get it working i think.
My question is... ¿Is any way of doing "desktop login" using REST API, or any other "simple method" from an external app such as this broker?.
¿If yes, how? :-) ¿If not, will be support for this an anyone knows how?
Thank you, and again, if this is not the correct list, sorry for the annoyance.
Adolfo Gómez
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
participants (3)
-
Adolfo -
Dan Yasny -
Juan Hernández