[ovirt-users] autologin into vm desktop
Adolfo
agomez at virtualcable.es
Thu May 7 10:14:29 UTC 2015
Thank you very much.
The problem is that the broker supports a wide variety of
authenticators, and the users that logins UDS are not oVirt users... :(.
(I.e. we support SAML as auth, o eDirectory users, and UDS users are not
registered inside oVirt, i mean, they are not oVirt users)
The easier way is that API exposes "vdsClient", but it did not.. (maybe
i need a post on devel list)?
Right now, i'm going to try to connect using or vdsClient or, if i can,
the XMLRPC interface... I have to do some tests...
Thank you very much for your help ;-)
Regards,
Adolfo Gómez
El 07/05/2015 a las 11:29, Juan Hernández escribió:
> On 05/07/2015 05:25 AM, Adolfo wrote:
>> :`(... after looking at this, this is not what i was looking for (but
>> almost).
>>
>> This API call seems to make logon on desktop using "the credentials of
>> the client. I mean, we can't pass the user credentials (as with
>> vdsClient), ovirt takes them from their own. (I think that from user
>> that makes the API call).
>>
>> I need to pass the "username" "password" "domain" data in a way similar
>> to this, but be able to do it without registering the user inside ovirt,
>> making a call with the users credentials, etc... so back to beginning i
>> guess... :(
>>
>> Anyway, thank you very much for taking your time for helping me ;-)
>>
>> Regards,
>>
>> Adolfo gómez
>>
> If your broker has the credentials of the user then you can connect to
> the API using those credentials, and invoke the "logon" operation,
> something like this:
>
> ---8<---
> #!/bin/sh -ex
>
> curl \
> --verbose \
> --cacert /the/path/to/the/ca/cert \
> --request POST \
> --user "myuser at mydomain:mypassword" \
> --header "Content-Type: application/xml" \
> --header "Accept: application/xml" \
> --data '
> <action/>
> ' \
> "https://engine.example.com/ovirt-engine/api/vms/myvm/login"
> --->8---
>
>> El 07/05/2015 a las 5:10, Adolfo escribió:
>>> O.o that is what i was looking for!!!... Has to take a BIG look at
>>> it... ;)
>>>
>>> Thank you very much again, i was looking for this, but after
>>> "googling" a lot didn't found it!!! ;)
>>>
>>> Adolfo Gómez
>>>
>>>
>>> El 07/05/2015 a las 5:05, Dan Yasny escribió:
>>>> ...and it looks like in the latest versions the REST API
>>>> has //vms/{vmid}/logon/
>>>> /
>>>> /
>>>> /https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.5/html/Technical_Guide/sect-Actions5.html#Enable_user_logon_to_access_a_virtual_machine_from_an_external_console
>>>> /
>>>>
>>>> On Wed, May 6, 2015 at 10:55 PM, Dan Yasny <dyasny at gmail.com
>>>> <mailto:dyasny at gmail.com>> wrote:
>>>>
>>>> You can pass the credentials directly to the guest agent using
>>>> vdsClient on the host, among other things:
>>>>
>>>> desktopLock
>>>> <vmId>
>>>> Logoff current user
>>>> desktopLogin
>>>> <vmId> <domain> <user> <password>
>>>> Login to vmId desktop using the supplied credentials
>>>> desktopLogoff
>>>> <vmId> <force>
>>>> Lock user session. force should be set to true/false
>>>>
>>>> Will probably require key based remote ssh execution, and API
>>>> calls to the engine, to determine the host and VM UUID
>>>>
>>>> On Wed, May 6, 2015 at 10:45 PM, Adolfo <agomez at virtualcable.es
>>>> <mailto:agomez at virtualcable.es>> wrote:
>>>>
>>>> I know, but this all is used from "ovirt portal", and we are
>>>> only using ovirt api, the portal is provided by own broker :)
>>>>
>>>> I'm currently looking at the code of vdsClient, to see if i
>>>> can replicate the "desktopLogin" feature.
>>>>
>>>> This was why i was wondering if this is the place to post
>>>> this, because it's more related to "development", but not to
>>>> de development of ovirt itself (or yes, don't know right
>>>> now... :) )
>>>>
>>>> Thank you
>>>>
>>>> Adolfo Gómez
>>>>
>>>>
>>>>
>>>> El 07/05/2015 a las 4:40, Dan Yasny escribió:
>>>>> This is exactly what the SSO feature is for.
>>>>>
>>>>> http://www.ovirt.org/Features/SSO
>>>>> http://www.ovirt.org/OVirt_Guest_Agent/Single_Sign_On/Windows
>>>>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.1/html/Power_User_Portal_Guide/Single_Sign_On-Windows.html
>>>>>
>>>>>
>>>>>
>>>>> On Wed, May 6, 2015 at 10:24 PM, Adolfo
>>>>> <agomez at virtualcable.es <mailto:agomez at virtualcable.es>> wrote:
>>>>>
>>>>> Hello,
>>>>>
>>>>> My name is Adolfo. I'm in charge of the development of
>>>>> UDS, an open source connection broker (with commercial
>>>>> support if requested)
>>>>> (http://www.ovirt.org/Universidad_de_Sevilla_Case_Study
>>>>> is done with it for example).
>>>>>
>>>>> I don't know if this is the place to post this "request
>>>>> for help", if not, please forgive me :)
>>>>>
>>>>> The case is that we are including Spice as an accepted
>>>>> protocol for connecting to VMs (currently we allow rdp,
>>>>> rgs, nx, ...) provided by oVirt, and we have found the
>>>>> following "issue".
>>>>>
>>>>> It's ease to get the connection parameters for the VM
>>>>> using REST api, even get the ticket for allowing
>>>>> connection, but i have been looking for a way "logging
>>>>> user" directly into desktop, not only connect to
>>>>> "display" but also "log in" into remote without needed
>>>>> to use a second authentication.
>>>>>
>>>>> I have seen that oVirt Portal currently allows this, and
>>>>> i have found also that vsdClient can do login using
>>>>> "vdsClient -s <HOSTIP> desktopLogin <VMID> <DOMAIN>
>>>>> <USER> <PASSWORD>", and although it is possible to use
>>>>> this, it will be a bit "tricky" to get it working i think.
>>>>>
>>>>> My question is... ¿Is any way of doing "desktop login"
>>>>> using REST API, or any other "simple method" from an
>>>>> external app such as this broker?.
>>>>>
>>>>> ¿If yes, how? :-)
>>>>> ¿If not, will be support for this an anyone knows how?
>>>>>
>>>>> Thank you, and again, if this is not the correct list,
>>>>> sorry for the annoyance.
>>>>>
>>>>> Adolfo Gómez
>>>>>
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users at ovirt.org <mailto:Users at ovirt.org>
>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>>
>>>>>
>>>>
>>>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>
More information about the Users
mailing list