[ovirt-users] autologin into vm desktop

Adolfo agomez at virtualcable.es
Thu May 7 10:14:29 UTC 2015 

Thank you very much.

The problem is that the broker supports a wide variety of 
authenticators, and the users that logins UDS are not oVirt users... :(. 
(I.e. we support SAML as auth, o eDirectory users, and UDS users are not 
registered inside oVirt, i mean, they are not oVirt users)

The easier way is that API exposes "vdsClient", but it did not.. (maybe 
i need a post on devel list)?

Right now, i'm going to try to connect using or vdsClient or, if i can, 
the XMLRPC interface... I have to do some tests...

Thank you very much for your help ;-)

Regards,

Adolfo Gómez


El 07/05/2015 a las 11:29, Juan Hernández escribió:
> On 05/07/2015 05:25 AM, Adolfo wrote:
>> :`(... after looking at this, this is not what i was looking for (but
>> almost).
>>
>> This API call seems to make logon on desktop using "the credentials of
>> the client. I mean, we can't pass the user credentials (as with
>> vdsClient), ovirt takes them from their own. (I think that from user
>> that makes the API call).
>>
>> I need to pass the "username" "password" "domain" data in a way similar
>> to this, but be able to do it without registering the user inside ovirt,
>> making a call with the users credentials, etc... so back to beginning i
>> guess... :(
>>
>> Anyway, thank you very much for taking your time for helping me ;-)
>>
>> Regards,
>>
>> Adolfo gómez
>>
> If your broker has the credentials of the user then you can connect to
> the API using those credentials, and invoke the "logon" operation,
> something like this:
>
> ---8<---
> #!/bin/sh -ex
>
> curl \
> --verbose \
> --cacert /the/path/to/the/ca/cert \
> --request POST \
> --user "myuser at mydomain:mypassword" \
> --header "Content-Type: application/xml" \
> --header "Accept: application/xml" \
> --data '
> <action/>
> ' \
> "https://engine.example.com/ovirt-engine/api/vms/myvm/login"
> --->8---
>
>> El 07/05/2015 a las 5:10, Adolfo escribió:
>>> O.o that is what i was looking for!!!... Has to take a BIG look at
>>> it... ;)
>>>
>>> Thank you very much again, i was looking for this, but after
>>> "googling" a lot didn't found it!!! ;)
>>>
>>> Adolfo Gómez
>>>
>>>
>>> El 07/05/2015 a las 5:05, Dan Yasny escribió:
>>>> ...and it looks like in the latest versions the REST API
>>>> has //vms/{vmid}/logon/
>>>> /
>>>> /
>>>> /https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.5/html/Technical_Guide/sect-Actions5.html#Enable_user_logon_to_access_a_virtual_machine_from_an_external_console
>>>> /
>>>>
>>>> On Wed, May 6, 2015 at 10:55 PM, Dan Yasny <dyasny at gmail.com
>>>> <mailto:dyasny at gmail.com>> wrote:
>>>>
>>>>      You can pass the credentials directly to the guest agent using
>>>>      vdsClient on the host, among other things:
>>>>
>>>>      desktopLock
>>>>              <vmId>
>>>>              Logoff current user
>>>>      desktopLogin
>>>>              <vmId> <domain> <user> <password>
>>>>              Login to vmId desktop using the supplied credentials
>>>>      desktopLogoff
>>>>              <vmId> <force>
>>>>              Lock user session. force should be set to true/false
>>>>
>>>>      Will probably require key based remote ssh execution, and API
>>>>      calls to the engine, to determine the host and VM UUID
>>>>
>>>>      On Wed, May 6, 2015 at 10:45 PM, Adolfo <agomez at virtualcable.es
>>>>      <mailto:agomez at virtualcable.es>> wrote:
>>>>
>>>>          I know, but this all is used from "ovirt portal", and we are
>>>>          only using ovirt api, the portal is provided by own broker :)
>>>>
>>>>          I'm currently looking at the code of vdsClient, to see if i
>>>>          can replicate the "desktopLogin" feature.
>>>>
>>>>          This was why i was wondering if this is the place to post
>>>>          this, because it's more related to "development", but not to
>>>>          de development of ovirt itself (or yes, don't know right
>>>>          now... :) )
>>>>
>>>>          Thank you
>>>>
>>>>          Adolfo Gómez
>>>>
>>>>
>>>>
>>>>          El 07/05/2015 a las 4:40, Dan Yasny escribió:
>>>>>          This is exactly what the SSO feature is for.
>>>>>
>>>>>          http://www.ovirt.org/Features/SSO
>>>>>          http://www.ovirt.org/OVirt_Guest_Agent/Single_Sign_On/Windows
>>>>>          https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.1/html/Power_User_Portal_Guide/Single_Sign_On-Windows.html
>>>>>
>>>>>
>>>>>
>>>>>          On Wed, May 6, 2015 at 10:24 PM, Adolfo
>>>>>          <agomez at virtualcable.es <mailto:agomez at virtualcable.es>> wrote:
>>>>>
>>>>>              Hello,
>>>>>
>>>>>              My name is Adolfo. I'm in charge of the development of
>>>>>              UDS, an open source connection broker (with commercial
>>>>>              support if requested)
>>>>>              (http://www.ovirt.org/Universidad_de_Sevilla_Case_Study
>>>>>              is done with it for example).
>>>>>
>>>>>              I don't know if this is the place to post this "request
>>>>>              for help", if not, please forgive me :)
>>>>>
>>>>>              The case is that we are including Spice as an accepted
>>>>>              protocol for connecting to VMs (currently we allow rdp,
>>>>>              rgs, nx, ...) provided by oVirt, and we have found the
>>>>>              following "issue".
>>>>>
>>>>>              It's ease to get the connection parameters for the VM
>>>>>              using REST api, even get the ticket for allowing
>>>>>              connection, but i have been looking for a way "logging
>>>>>              user" directly into desktop, not only connect to
>>>>>              "display" but also "log in" into remote without needed
>>>>>              to use a second authentication.
>>>>>
>>>>>              I have seen that oVirt Portal currently allows this, and
>>>>>              i have found also that vsdClient can do login using
>>>>>              "vdsClient -s <HOSTIP> desktopLogin <VMID> <DOMAIN>
>>>>>              <USER> <PASSWORD>", and although it is possible to use
>>>>>              this, it will be a bit "tricky" to get it working i think.
>>>>>
>>>>>              My question is... ¿Is any way of doing "desktop login"
>>>>>              using REST API, or any other "simple method" from an
>>>>>              external app such as this broker?.
>>>>>
>>>>>              ¿If yes, how? :-)
>>>>>              ¿If not, will be support for this an anyone knows how?
>>>>>
>>>>>              Thank you, and again, if this is not the correct list,
>>>>>              sorry for the annoyance.
>>>>>
>>>>>              Adolfo Gómez
>>>>>
>>>>>              _______________________________________________
>>>>>              Users mailing list
>>>>>              Users at ovirt.org <mailto:Users at ovirt.org>
>>>>>              http://lists.ovirt.org/mailman/listinfo/users
>>>>>
>>>>>
>>>>
>>>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>

More information about the Users mailing list