[Users] Single Sign On (Kerberos) to the user portal

Alon Bar-Lev alonbl at redhat.com
Sun Dec 16 00:30:51 UTC 2012



----- Original Message -----
> From: "Sigbjorn Lie" <sigbjorn at nixtra.com>
> To: "Alon Bar-Lev" <alonbl at redhat.com>
> Cc: users at ovirt.org
> Sent: Sunday, December 16, 2012 2:22:37 AM
> Subject: Re: [Users] Single Sign On (Kerberos) to the user portal
> 
> On 12/15/2012 07:50 PM, Alon Bar-Lev wrote:
> >
> > ----- Original Message -----
> >> From: "Sigbjorn Lie" <sigbjorn at nixtra.com>
> >> To: users at ovirt.org
> >> Sent: Saturday, December 15, 2012 6:25:22 PM
> >> Subject: [Users] Single Sign On (Kerberos) to the user portal
> >>
> >> Hi,
> >>
> >> Is it possible to do Single Sign On to the user portal using
> >> Kerberos?
> >>
> >> We have deployed FreeIPA where all our workstations are
> >> authenticating.
> >> We are already using SSO w/kerberos for web servers, and it would
> >> be
> >> handy if we could use SSO w/kerberos to authenticate to the User
> >> Portal too.
> > Hi,
> >
> > Not right now... we need some more work to make it happen.
> > Can you help in this?
> >
> > Alon
> 
> I think I will struggle with the programming side. However I can be
> of
> assistance testing it out.
> 
> I believe most of the work will already be done if there exists a
> similar module for jboss such as the "mod_auth_kerb" for Apache.
> 
> Has there been any work done at all with implementing SSO in the user
> portal so far?

What I would like to do is to support external authentication in ovirt, so that it will take the user name out of the ajp protocol ?remote_user field, which maps into the HttpServletRequest.getUserPrincipal() at J2EE side.

Then use mod_auth_kerb to authenticate the user as I guess you would already have...

Regards,
Alon Bar-Lev. 



More information about the Users mailing list