[Users] Single Sign On (Kerberos) to the user portal

[Sigbjorn Lie]

On 12/16/2012 01:30 AM, Alon Bar-Lev wrote:
>
> ----- Original Message -----
>> From: "Sigbjorn Lie" <sigbjorn at nixtra.com>
>> To: "Alon Bar-Lev" <alonbl at redhat.com>
>> Cc: users at ovirt.org
>> Sent: Sunday, December 16, 2012 2:22:37 AM
>> Subject: Re: [Users] Single Sign On (Kerberos) to the user portal
>>
>> On 12/15/2012 07:50 PM, Alon Bar-Lev wrote:
>>> ----- Original Message -----
>>>> From: "Sigbjorn Lie" <sigbjorn at nixtra.com>
>>>> To: users at ovirt.org
>>>> Sent: Saturday, December 15, 2012 6:25:22 PM
>>>> Subject: [Users] Single Sign On (Kerberos) to the user portal
>>>>
>>>> Hi,
>>>>
>>>> Is it possible to do Single Sign On to the user portal using
>>>> Kerberos?
>>>>
>>>> We have deployed FreeIPA where all our workstations are
>>>> authenticating.
>>>> We are already using SSO w/kerberos for web servers, and it would
>>>> be
>>>> handy if we could use SSO w/kerberos to authenticate to the User
>>>> Portal too.
>>> Hi,
>>>
>>> Not right now... we need some more work to make it happen.
>>> Can you help in this?
>>>
>>> Alon
>> I think I will struggle with the programming side. However I can be
>> of
>> assistance testing it out.
>>
>> I believe most of the work will already be done if there exists a
>> similar module for jboss such as the "mod_auth_kerb" for Apache.
>>
>> Has there been any work done at all with implementing SSO in the user
>> portal so far?
> What I would like to do is to support external authentication in ovirt, so that it will take the user name out of the ajp protocol ?remote_user field, which maps into the HttpServletRequest.getUserPrincipal() at J2EE side.
>
> Then use mod_auth_kerb to authenticate the user as I guess you would already have...
>
>

Yes we use mod_auth_kerb with Apache today. It works well.

I do not think I will be of much use with the programming, sorry.

Is there any ongoing work to get this implemented?



Regards,
Siggi