Hi Enguerran, What error message are you getting in oned.log after trying to connect?
Cheers On 28 July 2014 17:16, Enguerran Boissier <[email protected]> wrote: > Hello Daniel, > Thanks for your answer, unfortunately we still don't manage to connect > with a server_* user on the behalf of another normal user. > This is basically what we do, let us know if we do something wrong: > > { > string expires = DateTime.Now.Subtract(new DateTime(1970,1,1,0,0,0, > DateTimeKind.Utc)).TotalSeconds + 3600 + ""; > string token_encrypted = Encrypt(this.AdminUsername + ":" + > this.TargetUsername + ":" + expires, this.AdminPassword); > //this.AdminUsername = server_* user name > //this.TargetUsername = normal user name (target user) > //this.AdminPassword = server_* user password (SHA1 encrypted) > //Encrypt do the equivalent of the AES 256 CBC openssl encryption (cf > https://gist.github.com/scottlowe/1411917, we just removed the salt part) > session_SHA = this.AdminUsername + ":" + this.TargetUsername + ":" + > token_encrypted; > //session_SHA is the token used to authenticate on a request > } > > Thanks > Best regards > > > > > Enguerran Boissier > www.terradue.com > > > On 28 Jul 2014, at 10:45, Daniel Molina <[email protected]> wrote: > > Hi Cesare, > > The server_* authentication is a special method where a user can > authenticate on behalf of other user. This method was included in > OpenNebula for scenarios such as an Apache server configured to use x509 > certificates, Apache has already authenticated the user and we just encrypt > a token with the serveradmin credentials and OpenNebula will decrypt the > token and will perform all the actions as the target_username. > > Users using the server_* auth method are special users and should not have > any resource. > > You can see an example on how Sunstone uses this method: > A user logs in: > > https://github.com/OpenNebula/one/blob/master/src/sunstone/sunstone-server.rb#L169 > do_auth is called to authenticate the user: > > https://github.com/OpenNebula/one/blob/master/src/cloud/common/CloudAuth/SunstoneCloudAuth.rb#L18 > a token is generated using the server_* method > > https://github.com/OpenNebula/one/blob/master/src/authm_mad/remotes/server_cipher/server_cipher_auth.rb#L85 > this info is sent to one and then checked by the auth driver: > > https://github.com/OpenNebula/one/blob/master/src/authm_mad/remotes/server_cipher/server_cipher_auth.rb#L110 > > Hope this helps > > http://docs.opennebula.org/4.6/administration/sunstone_gui/cloud_auth.html > > > > > On 25 July 2014 12:39, Cesare Rossi <[email protected]> wrote: > >> Dear All, >> >> we are interacting with the XML-RPC API. We are trying to perform the >> special authentication method available with the users' drivers >> *server_cipher* or *server_x509 *(i.e. using >> username:target_username:secret), but it seems not working. >> >> The question is: is it possible to use with that API such kind of users ? >> If yes, how ? >> >> Thanks in advance, >> >> Cheers >> >> Cesare Rossi >> Terradue >> Rome, Italy | Oxford, UK >> http://www.terradue.com >> >> >> >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://lists.opennebula.org/listinfo.cgi/dev-opennebula.org >> >> > > > -- > -- > Daniel Molina > Project Engineer > OpenNebula - Flexible Enterprise Cloud Made Simple > www.OpenNebula.org <http://www.opennebula.org/> | [email protected] > | @OpenNebula > > > -- -- Daniel Molina Project Engineer OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org | [email protected] | @OpenNebula
_______________________________________________ Dev mailing list [email protected] http://lists.opennebula.org/listinfo.cgi/dev-opennebula.org
