<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Feb 2, 2018 at 4:46 AM, 董青龙 <span dir="ltr"><<a href="mailto:ddqlo@126.com" target="_blank">ddqlo@126.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><div>Thanks for the reply. I have completely configured all the things in option 1 which you told. But it seems that sso still does not work. My domain forest is "<a href="http://test.org" target="_blank">test.org</a>" and my user is "test". When I login the user portal, I get "test@test.org@<a href="http://test.org" target="_blank">test.org</a>" int the top right corner. Should it be "<a href="mailto:test@test.org" target="_blank">test@test.org</a>"?</div></div></blockquote><div style="font-family:arial,helvetica,sans-serif" class="gmail_default"><br>This is fine, for AD we are using UPN as username (in your case '<a href="mailto:test@test.org">test@test.org</a>') and we concatenate this with authz extension name (in your case '@<a href="http://test.org">test.org</a>').<br><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><div> Is it possible that engine send wrong user name to the guest agent? <br></div></div></blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><div><img src="cid:118ddb69$2$161549f1512$Coremail$ddqlo$126.com" style="width:171px;height:36px"></div><div><br></div></div></blockquote><div><br><div style="font-family:arial,helvetica,sans-serif;display:inline" class="gmail_default">Could you please share engine.log from, after you try to login to VM Portal and open console to the VM to investigate?<br><br></div><div style="font-family:arial,helvetica,sans-serif;display:inline" class="gmail_default">Thanks<br><br></div><div style="font-family:arial,helvetica,sans-serif;display:inline" class="gmail_default">Martin<br><br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><div></div><div style="zoom:1"></div><div id="m_8954576301906369599divNeteaseMailCard"></div>At 2018-02-01 15:35:57, "Martin Perina" <<a href="mailto:mperina@redhat.com" target="_blank">mperina@redhat.com</a>> wrote:<br> <blockquote id="m_8954576301906369599isReplyContent" style="PADDING-LEFT:1ex;MARGIN:0px 0px 0px 0.8ex;BORDER-LEFT:#ccc 1px solid"><div dir="ltr"><div style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Feb 1, 2018 at 9:13 AM, 董青龙 <span dir="ltr"><<a href="mailto:ddqlo@126.com" target="_blank">ddqlo@126.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><div>Hi, all</div><div> I am trying to make SSO working with windows7 vm in an ovirt 4.1 environment. Ovirt-guest-agent has been installed in windows7 vm. I have an active directory server of windows2012 and I have configured the engine using "ovirt-engine-extension-aaa-ld<wbr>ap-setup" successfully. The windows7 vm has joined the domain,too. But when I login the userportal using a user created in the AD server, I still have to login the windows7 vm using the same user for the second time. It seems that SSO does not work.</div><div> Anyone can help me? Thanks!</div></div></blockquote><div><br><div>We are not providing full SSO for </div>VMs<div>. At the moment you have 2 options:<br><br></div><div>1. If you want user to be automatically logged in into a VM, then you need to setup SSO using aaa-ldap extension for AD (please don't forget to answer Yes for question about SSO for VMs in setup tool). Andf of course in a VM you need to have installed and enabled guest agent. Once user logs into VM Portal and clicks on a VM, then he should be automatically logged into it.<br><br></div><div>2. If you setup kerberos for engine SSO, then you don't need to enter password to loging into VM Portal, but in such case we cannot pass a password into a VM and user are not automatically logged in.<br><br></div><div>Martin<br><br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br><br><span title="neteasefooter"><p> </p></span><br>______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman<wbr>/listinfo/users</a><br>
<br></blockquote></div><br><br clear="all"><span class="HOEnZb"><font color="#888888"><br>-- <br><div class="m_8954576301906369599gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><font size="1">Martin Perina<br>Associate Manager, Software Engineering<br>Red Hat Czech s.r.o.<br></font></div></div>
</font></span></div></div>
</blockquote></div><br><br><span title="neteasefooter"><p> </p></span></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><font size="1">Martin Perina<br>Associate Manager, Software Engineering<br>Red Hat Czech s.r.o.<br></font></div></div>
</div></div>