[ovirt-users] active directory and sso

[Martin Perina]

On Thu, Feb 1, 2018 at 9:13 AM, 董青龙 <ddqlo at 126.com> wrote:

> Hi, all
>         I am trying to make SSO working with windows7 vm in an ovirt 4.1
> environment. Ovirt-guest-agent has been installed in windows7 vm. I have an
> active directory server of windows2012 and I have configured the engine
> using "ovirt-engine-extension-aaa-ldap-setup" successfully. The windows7
> vm has joined the domain,too. But when I login the userportal using a user
> created in the AD server, I still have to login the windows7 vm using the
> same user for the second time. It seems that SSO does not work.
>         Anyone can help me? Thanks!
>

​We are not providing full SSO for ​
​VMs​
​. At the moment you have  2 options:

1. If you want user to be automatically logged in into a VM, then you need
to setup SSO using aaa-ldap extension for AD (please don't forget to answer
Yes for question about SSO for VMs in setup tool). Andf of course in a VM
you need to have installed and enabled guest agent. Once user logs into VM
Portal​ and clicks on a VM, then he should be automatically logged into it.

2. If you setup kerberos for engine SSO, then you don't need to enter
password to loging into VM Portal, but in such case we cannot pass a
password into a VM and user are not automatically logged in.

Martin


>
>
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>


-- 
Martin Perina
Associate Manager, Software Engineering
Red Hat Czech s.r.o.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20180201/eb8e0021/attachment.html>