[Users] Single Sign On (Kerberos) to the user portal
Alon Bar-Lev
alonbl at redhat.com
Sun Dec 16 08:14:20 UTC 2012
----- Original Message -----
> From: "Sigbjorn Lie" <sigbjorn at nixtra.com>
> To: "Alon Bar-Lev" <alonbl at redhat.com>
> Cc: users at ovirt.org
> Sent: Sunday, December 16, 2012 2:41:06 AM
> Subject: Re: [Users] Single Sign On (Kerberos) to the user portal
>
> On 12/16/2012 01:30 AM, Alon Bar-Lev wrote:
> >
> > ----- Original Message -----
> >> From: "Sigbjorn Lie" <sigbjorn at nixtra.com>
> >> To: "Alon Bar-Lev" <alonbl at redhat.com>
> >> Cc: users at ovirt.org
> >> Sent: Sunday, December 16, 2012 2:22:37 AM
> >> Subject: Re: [Users] Single Sign On (Kerberos) to the user portal
> >>
> >> On 12/15/2012 07:50 PM, Alon Bar-Lev wrote:
> >>> ----- Original Message -----
> >>>> From: "Sigbjorn Lie" <sigbjorn at nixtra.com>
> >>>> To: users at ovirt.org
> >>>> Sent: Saturday, December 15, 2012 6:25:22 PM
> >>>> Subject: [Users] Single Sign On (Kerberos) to the user portal
> >>>>
> >>>> Hi,
> >>>>
> >>>> Is it possible to do Single Sign On to the user portal using
> >>>> Kerberos?
> >>>>
> >>>> We have deployed FreeIPA where all our workstations are
> >>>> authenticating.
> >>>> We are already using SSO w/kerberos for web servers, and it
> >>>> would
> >>>> be
> >>>> handy if we could use SSO w/kerberos to authenticate to the User
> >>>> Portal too.
> >>> Hi,
> >>>
> >>> Not right now... we need some more work to make it happen.
> >>> Can you help in this?
> >>>
> >>> Alon
> >> I think I will struggle with the programming side. However I can
> >> be
> >> of
> >> assistance testing it out.
> >>
> >> I believe most of the work will already be done if there exists a
> >> similar module for jboss such as the "mod_auth_kerb" for Apache.
> >>
> >> Has there been any work done at all with implementing SSO in the
> >> user
> >> portal so far?
> > What I would like to do is to support external authentication in
> > ovirt, so that it will take the user name out of the ajp protocol
> > ?remote_user field, which maps into the
> > HttpServletRequest.getUserPrincipal() at J2EE side.
> >
> > Then use mod_auth_kerb to authenticate the user as I guess you
> > would already have...
> >
> >
>
> Yes we use mod_auth_kerb with Apache today. It works well.
>
> I do not think I will be of much use with the programming, sorry.
>
> Is there any ongoing work to get this implemented?
On my list :)
But I don't think it will be soon... sorry.
Alon.
More information about the Users
mailing list