FreeIPA with ovirt 4.1

3 Feb 2017

      ...
</div><div><span style=3D"color: #000000; font-family: 'lucida console', s=
ans-serif; font-size: 16px; font-style: normal; font-variant-ligatures: nor=
mal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal=
; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; wh=
ite-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width:=
 0px; background-color: #ffffff; display: inline !important; float: none;" =
data-mce-style=3D"color: #000000; font-family: 'lucida console', sans-serif=
; font-size: 16px; font-style: normal; font-variant-ligatures: normal; font=
-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans=
: 2; text-align: start; text-indent: 0px; text-transform: none; white-space=
: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; bac=
kground-color: #ffffff; display: inline !important; float: none;"><br data-=
mce-bogus=3D"1"></span></div><div><div>[root@vhe00 extensions.d]# pwd</div>=
<div>/etc/ovirt-engine/extensions.d</div><div><br></div><div>[root@vhe00 ex=
tensions.d]# ls</div><div>mydomain.lan-authn.properties <span style=3D=
"color: #000000; font-family: 'lucida console', sans-serif; font-size: 16px=
; font-style: normal; font-variant-ligatures: normal; font-variant-caps: no=
rmal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: =
start; text-indent: 0px; text-transform: none; white-space: normal; widows:=
 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #f=
fffff; display: inline !important; float: none;" data-mce-style=3D"color: #=
000000; font-family: 'lucida console', sans-serif; font-size: 16px; font-st=
yle: normal; font-variant-ligatures: normal; font-variant-caps: normal; fon=
t-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; te=
xt-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-=
spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #ffffff; di=
splay: inline !important; float: none;">mydomain.lan</span>-http-authn.prop=
erties  <span style=3D"color: #000000; font-family: 'lucida console', =
sans-serif; font-size: 16px; font-style: normal; font-variant-ligatures: no=
rmal; font-variant-caps: normal; font-weight: normal; letter-spacing: norma=
l; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; w=
hite-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width=
: 0px; background-color: #ffffff; display: inline !important; float: none;"=
 data-mce-style=3D"color: #000000; font-family: 'lucida console', sans-seri=
f; font-size: 16px; font-style: normal; font-variant-ligatures: normal; fon=
t-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphan=
s: 2; text-align: start; text-indent: 0px; text-transform: none; white-spac=
e: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; ba=
ckground-color: #ffffff; display: inline !important; float: none;">mydomain=
.lan</span>.properties      internal-authz.properties</div><=
--=_c136e2c2-eb56-4389-a88a-8501528346dc
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

Hello Everyone, 
Having trouble implement FreeIPA authentication with GSSAPI SSO and ovirt 4.1. I ran setup and it finished OK then it wrote the files bellow. Next I log to web admin with internal user and added FeeIPA user as SuperUser role. Also I added under System FreeIPA group authorized to login on any attempt to login with FreeIPA credentials getting message 

2017-02-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-6) [] Internal Server Error: Unsupported command 
2017-02-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-6) [] Unsupported command 
2017-02-04 00:03:08,659Z ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-3) [] server_error: Unsupported command 

Also when in extensions.d directory contain the following files. If I remove mydomain.lan-authn.properties then in web ui FreeIPA domain not showing up in drop down list. Any http don't have influence on this. 

[root@vhe00 extensions.d]# pwd 
/etc/ovirt-engine/extensions.d 

[root@vhe00 extensions.d]# ls 
mydomain.lan-authn.properties mydomain.lan -http-authn.properties mydomain.lan .properties internal-authz.properties 
mydomain.lan -authz.properties mydomain.lan -http-mapping.properties internal-authn.properties 
[root@vhe00 extensions.d]# 

If possible clarify how it should be and what is possible issue. 

Slava. 

--=_c136e2c2-eb56-4389-a88a-8501528346dc
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html><body><div style=3D"font-family: lucida console,sans-serif; font-size=
: 12pt; color: #000000"><div>Hello Everyone,</div><div>Having trouble imple=
ment  FreeIPA authentication with GSSAPI SSO  and ovirt 4.1. I ra=
n setup and it finished OK then it wrote the files bellow. Next I log to we=
b admin with internal user and added FeeIPA user as SuperUser role. Also I =
added under System FreeIPA group authorized to login on any attempt to logi=
n with FreeIPA credentials getting message</div><div><br data-mce-bogus=3D"=
1"></div><div><br data-mce-bogus=3D"1"></div><div><div>2017-02-04 00:03:08,=
464Z ERROR [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (def=
ault task-6) [] Internal Server Error: Unsupported command</div><div>2017-0=
2-04 00:03:08,464Z ERROR [org.ovirt.engine.core.sso.utils.SsoUtils] (defaul=
t task-6) [] Unsupported command</div><div>2017-02-04 00:03:08,659Z ERROR [=
org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-3) [] =
server_error: Unsupported command</div></div><div><br></div><div><br data-m=
ce-bogus=3D"1"></div><div>Also when in extensions.d directory contain the f=
ollowing files. If I remove <span style=3D"color: #000000; font-family=
: 'lucida console', sans-serif; font-size: 16px; font-style: normal; font-v=
ariant-ligatures: normal; font-variant-caps: normal; font-weight: normal; l=
etter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; tex=
t-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webk=
it-text-stroke-width: 0px; background-color: #ffffff; display: inline !impo=
rtant; float: none;" data-mce-style=3D"color: #000000; font-family: 'lucida=
 console', sans-serif; font-size: 16px; font-style: normal; font-variant-li=
gatures: normal; font-variant-caps: normal; font-weight: normal; letter-spa=
cing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transfo=
rm: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-s=
troke-width: 0px; background-color: #ffffff; display: inline !important; fl=
oat: none;">mydomain.lan-authn.properties then in web ui FreeIPA domain not=
 showing up in drop down list. Any http don't have influence on this.</span=
div><span style=3D"color: #000000; font-family: 'lucida console', sans-seri=
f; font-size: 16px; font-style: normal; font-variant-ligatures: normal; fon=
t-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphan=
s: 2; text-align: start; text-indent: 0px; text-transform: none; white-spac=
e: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; ba=
ckground-color: #ffffff; display: inline !important; float: none;" data-mce=
-style=3D"color: #000000; font-family: 'lucida console', sans-serif; font-s=
ize: 16px; font-style: normal; font-variant-ligatures: normal; font-variant=
-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; tex=
t-align: start; text-indent: 0px; text-transform: none; white-space: normal=
; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-=
color: #ffffff; display: inline !important; float: none;">mydomain.lan</spa=
n>-authz.properties <span style=3D"color: #000000; font-family: 'lucid=
a console', sans-serif; font-size: 16px; font-style: normal; font-variant-l=
igatures: normal; font-variant-caps: normal; font-weight: normal; letter-sp=
acing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transf=
orm: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-=
stroke-width: 0px; background-color: #ffffff; display: inline !important; f=
loat: none;" data-mce-style=3D"color: #000000; font-family: 'lucida console=
', sans-serif; font-size: 16px; font-style: normal; font-variant-ligatures:=
 normal; font-variant-caps: normal; font-weight: normal; letter-spacing: no=
rmal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none=
; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-wi=
dth: 0px; background-color: #ffffff; display: inline !important; float: non=
e;">mydomain.lan</span>-http-mapping.properties  internal-authn.proper=
ties</div><div>[root@vhe00 extensions.d]# </div></div><div><br></div><=
div><br data-mce-bogus=3D"1"></div><div>If possible clarify how it should b=
e and what is possible issue.</div><div><br data-mce-bogus=3D"1"></div><div=
...
<br data-mce-bogus=3D"1"></div><div><br data-mce-bogus=3D"1"></div><div>Sl=
ava. </div></div></body></html>
--=_c136e2c2-eb56-4389-a88a-8501528346dc--

Slava Bendersky

tags

participants (1)