[ovirt-users] Troubleshooting VM SSO on Windows 10 (ovirt 4.2.1)

Michal Skrivanek michal.skrivanek at redhat.com
Wed Mar 7 10:05:27 UTC 2018 


> On 5 Mar 2018, at 09:49, Cristian Mammoli <c.mammoli at apra.it> wrote:
> 
> Anyone???

what authentication to the portal are you using ?
SSO only works if you provide user and password in the ovirt’s login screen

> 
> Hi, I'm trying to setup sso on Windows 10, vm is domain joined, has
> agent installed and credential provider registered.Of course I setup an
> AD domain and the vm has sso enabled
> 
> Whenever I log to the user portal and open a VM I'm presented with the
> login screen and nothing happens, it's like the engine doesn't send the
> command to autologin.
> 
> In the agent logs there's nothing interesting but the communication
> between the engine and the agent is ok: for example the command to
> lock-screen on console close runs and works:
> 
> Dummy-2::INFO::2018-03-01
> 09:01:39,124::ovirtagentlogic::322::root::Received an external command:
> lock-screen...
> 
> This is an extract from engine logs when I login in the user portal and
> start a connection:
> 
> 2018-03-01 11:30:01,558+01 INFO
> [org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default task-30)
> [] Userc.mammoli at apra.it <http://lists.ovirt.org/mailman/listinfo/users>  successfully logged in with scopes:
> ovirt-app-admin ovirt-app-api ovirt-app-portal
> ovirt-ext=auth:sequence-priority=~ ovirt-ext=revoke:revoke-all
> ovirt-ext=token-info:authz-search
> ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate
> ovirt-ext=token:password-access
> 2018-03-01 11:30:01,606+01 INFO
> [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default
> task-31) [7bc265f] Running command: CreateUserSessionCommand internal:
> false.
> 2018-03-01 11:30:01,623+01 INFO
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> (default task-31) [7bc265f] EVENT_ID: USER_VDC_LOGIN(30), User
> c.mammoli at apra.it <http://lists.ovirt.org/mailman/listinfo/users>@apra.it connecting from '192.168.1.100' using session
> '5NMjCbUiehNLAGMeeWsr4L5TatL+uUGsNHOxQtCvSa9i0DaQ7uoGSi6zaZdXu08vrEk5gyQUJAsB2+COzLwtEw=='
> logged in.
> 2018-03-01 11:30:02,163+01 ERROR
> [org.ovirt.engine.core.bll.GetSystemStatisticsQuery] (default task-39)
> [14276418-5de7-44a6-bb64-c60965de0acf] Query execution failed due to
> insufficient permissions.
> 2018-03-01 11:30:02,664+01 INFO
> [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-54)
> [617f130b] Running command: SetVmTicketCommand internal: false. Entities
> affected :  ID: c0250fe0-5d8b-44de-82bc-04610952f453 Type: VMAction
> group CONNECT_TO_VM with role type USER
> 2018-03-01 11:30:02,683+01 INFO
> [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand]
> (default task-54) [617f130b] START, SetVmTicketVDSCommand(HostName =
> r630-01.apra.it,
> SetVmTicketVDSCommandParameters:{hostId='d99a8356-72e8-4130-a1cc-e148762eca57',
> vmId='c0250fe0-5d8b-44de-82bc-04610952f453', protocol='SPICE',
> ticket='u2b1nv+rH+pw', validTime='120', userName='c.mammoli at apra.it <http://lists.ovirt.org/mailman/listinfo/users>',
> userId='39f9d718-6e65-456a-8a6f-71976bcbbf2f',
> disconnectAction='LOCK_SCREEN'}), log id: 18fa2ef
> 2018-03-01 11:30:02,703+01 INFO
> [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand]
> (default task-54) [617f130b] FINISH, SetVmTicketVDSCommand, log id: 18fa2ef
> 2018-03-01 11:30:02,713+01 INFO
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> (default task-54) [617f130b] EVENT_ID: VM_SET_TICKET(164), User
> c.mammoli at apra.it <http://lists.ovirt.org/mailman/listinfo/users>@apra.it initiated console session for VM testvdi02
> 2018-03-01 11:30:11,558+01 INFO
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> (EE-ManagedThreadFactory-engineScheduled-Thread-49) [] EVENT_ID:
> VM_CONSOLE_CONNECTED(167), Userc.mammoli at apra.it <http://lists.ovirt.org/mailman/listinfo/users>  is connected to VM
> testvdi02.
> 
> Any help would be appreciated
> 
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 
>

More information about the Users mailing list