[Users] Single Sign On (Kerberos) to the user portal
Alon Bar-Lev
alonbl at redhat.com
Sun Dec 16 00:30:51 UTC 2012
----- Original Message -----
> From: "Sigbjorn Lie" <sigbjorn at nixtra.com>
> To: "Alon Bar-Lev" <alonbl at redhat.com>
> Cc: users at ovirt.org
> Sent: Sunday, December 16, 2012 2:22:37 AM
> Subject: Re: [Users] Single Sign On (Kerberos) to the user portal
>
> On 12/15/2012 07:50 PM, Alon Bar-Lev wrote:
> >
> > ----- Original Message -----
> >> From: "Sigbjorn Lie" <sigbjorn at nixtra.com>
> >> To: users at ovirt.org
> >> Sent: Saturday, December 15, 2012 6:25:22 PM
> >> Subject: [Users] Single Sign On (Kerberos) to the user portal
> >>
> >> Hi,
> >>
> >> Is it possible to do Single Sign On to the user portal using
> >> Kerberos?
> >>
> >> We have deployed FreeIPA where all our workstations are
> >> authenticating.
> >> We are already using SSO w/kerberos for web servers, and it would
> >> be
> >> handy if we could use SSO w/kerberos to authenticate to the User
> >> Portal too.
> > Hi,
> >
> > Not right now... we need some more work to make it happen.
> > Can you help in this?
> >
> > Alon
>
> I think I will struggle with the programming side. However I can be
> of
> assistance testing it out.
>
> I believe most of the work will already be done if there exists a
> similar module for jboss such as the "mod_auth_kerb" for Apache.
>
> Has there been any work done at all with implementing SSO in the user
> portal so far?
What I would like to do is to support external authentication in ovirt, so that it will take the user name out of the ajp protocol ?remote_user field, which maps into the HttpServletRequest.getUserPrincipal() at J2EE side.
Then use mod_auth_kerb to authenticate the user as I guess you would already have...
Regards,
Alon Bar-Lev.
More information about the Users
mailing list