[ovirt-users] active directory and sso

Martin Perina mperina at redhat.com
Fri Feb 2 07:50:49 UTC 2018 

On Fri, Feb 2, 2018 at 4:46 AM, 董青龙 <ddqlo at 126.com> wrote:

> Thanks for the reply. I have completely configured all the things in
> option 1 which you told. But it seems that sso still does not work. My
> domain forest is "test.org" and my user is "test". When I login the user
> portal, I get "test at test.org@test.org" int the top right corner. Should
> it be "test at test.org"?
>

​This​ is fine, for AD we are using UPN as username (in your case '
test at test.org') and we concatenate this with authz extension name (in your
case '@test.org').

Is it possible that engine send wrong user name to the guest agent?
>

>
​Could you please share engine.log from, after you try to login to VM
Portal and open console to the VM to investigate?

Thanks

Martin

At 2018-02-01 15:35:57, "Martin Perina" <mperina at redhat.com> wrote:
>
>
>
> On Thu, Feb 1, 2018 at 9:13 AM, 董青龙 <ddqlo at 126.com> wrote:
>
>> Hi, all
>>         I am trying to make SSO working with windows7 vm in an ovirt 4.1
>> environment. Ovirt-guest-agent has been installed in windows7 vm. I have an
>> active directory server of windows2012 and I have configured the engine
>> using "ovirt-engine-extension-aaa-ldap-setup" successfully. The windows7
>> vm has joined the domain,too. But when I login the userportal using a user
>> created in the AD server, I still have to login the windows7 vm using the
>> same user for the second time. It seems that SSO does not work.
>>         Anyone can help me? Thanks!
>>
>
> We are not providing full SSO for
> VMs
> . At the moment you have  2 options:
>
> 1. If you want user to be automatically logged in into a VM, then you need
> to setup SSO using aaa-ldap extension for AD (please don't forget to answer
> Yes for question about SSO for VMs in setup tool). Andf of course in a VM
> you need to have installed and enabled guest agent. Once user logs into VM
> Portal and clicks on a VM, then he should be automatically logged into it.
>
> 2. If you setup kerberos for engine SSO, then you don't need to enter
> password to loging into VM Portal, but in such case we cannot pass a
> password into a VM and user are not automatically logged in.
>
> Martin
>
>
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>
>
> --
> Martin Perina
> Associate Manager, Software Engineering
> Red Hat Czech s.r.o.
>
>
>
>
>



-- 
Martin Perina
Associate Manager, Software Engineering
Red Hat Czech s.r.o.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20180202/1866a716/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ??2.png
Type: image/png
Size: 2736 bytes
Desc: not available
URL: <http://lists.ovirt.org/pipermail/users/attachments/20180202/1866a716/attachment.png>

More information about the Users mailing list