----- Original Message -----
From: "Sigbjorn Lie" <sigbjorn@nixtra.com> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: users@ovirt.org Sent: Sunday, December 16, 2012 2:22:37 AM Subject: Re: [Users] Single Sign On (Kerberos) to the user portal
On 12/15/2012 07:50 PM, Alon Bar-Lev wrote:
----- Original Message -----
From: "Sigbjorn Lie" <sigbjorn@nixtra.com> To: users@ovirt.org Sent: Saturday, December 15, 2012 6:25:22 PM Subject: [Users] Single Sign On (Kerberos) to the user portal
Hi,
Is it possible to do Single Sign On to the user portal using Kerberos?
We have deployed FreeIPA where all our workstations are authenticating. We are already using SSO w/kerberos for web servers, and it would be handy if we could use SSO w/kerberos to authenticate to the User Portal too. Hi,
Not right now... we need some more work to make it happen. Can you help in this?
Alon
I think I will struggle with the programming side. However I can be of assistance testing it out.
I believe most of the work will already be done if there exists a similar module for jboss such as the "mod_auth_kerb" for Apache.
Has there been any work done at all with implementing SSO in the user portal so far?
What I would like to do is to support external authentication in ovirt, so that it will take the user name out of the ajp protocol ?remote_user field, which maps into the HttpServletRequest.getUserPrincipal() at J2EE side. Then use mod_auth_kerb to authenticate the user as I guess you would already have... Regards, Alon Bar-Lev.