[ovirt-users] Re: Spliting login pages

2021-01-07 Thread Gianluca Cecchi 
On Thu, Jan 7, 2021 at 3:18 PM  wrote:

> I believe it's a necessity. All portal are the same page. It's risky.
> Maybe we can use a WAF to solve the issue.
>
>
Risky for what?
You have to profile your users, depending on what you want them to be able
to do.
You can go to the landing page of many sensitive and critical
websites...you don't achieve security through obfuscation. Or at least it
has never been so in Linux / Open Source world
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/YRTNGLBQ727ZOFOSLHFU64GSKGSYK4OW/

[ovirt-users] Re: Spliting login pages

2021-01-07 Thread ozmen62 
I believe it's a necessity. All portal are the same page. It's risky.
Maybe we can use a WAF to solve the issue.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/5MTUZL2MDJIANDCOGWGWET3P6SZREBZV/

[ovirt-users] Re: Spliting login pages

2021-01-06 Thread Strahil Nikolov via Users 
Sharon , what about a nginx/apache listening on different virtual hosts
and redirecting (actually proxying) to the correct portal ?
Do you think that it could work  (the certs will not be trusted, but
they can take the exception) ?
Best Regards,Strahil Nikolov
В 17:24 +0200 на 06.01.2021 (ср), Sharon Gratch написа:
> 
> On Wed, Jan 6, 2021 at 11:15 AM  wrote:
> > Hi,
> > 
> > Yes, we can.
> > 
> > But we want to separate them by FQDN
> > 
> > for example;
> > 
> > http:/virtualpc.example.com --> VM Portal
> > 
> > http:/virtualpc-admin.example.com --> Admin Portal
> > 
> > http:/virtualpc-grafana.example.com --> Grafana Portal
> 
> AFAIK this is not supported by oVirt since all should use the engine
> FQDN for accessing the engine.
> You can probably use your own customized URL redirection or set a few
> FQDNs, but It won't solve the problem for separating and it might
> cause other issues, so I won't recommend it.
> 
> > 
> > and normal user must don't have permission access to admin or
> > grafana portal web page
> 
> Sure, so login will fail if a regular user won't have permissions to
> login to webadmin or grafana. This deals with user permissions
> management that should be set correctly. It's not related to FQDNs...
> > ___
> > 
> > Users mailing list -- users@ovirt.org
> > 
> > To unsubscribe send an email to users-le...@ovirt.org
> > 
> > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > 
> > oVirt Code of Conduct: 
> > https://www.ovirt.org/community/about/community-guidelines/
> > 
> > List Archives: 
> > https://lists.ovirt.org/archives/list/users@ovirt.org/message/2J7GQ6ZDXQMGZ3USBJM7HYP5W3JRJLV5/
> > 
> 
> ___Users mailing list -- 
> users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/VS4QUWCNVXDL7J623EZPFEZUFO7IUMGQ/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/BO5LT7L4U5OC7O57TQFLW65LZLDWWXFE/

[ovirt-users] Re: Spliting login pages

2021-01-06 Thread Sharon Gratch 
On Wed, Jan 6, 2021 at 11:15 AM  wrote:

> Hi,
> Yes, we can.
> But we want to separate them by FQDN
> for example;
> http:/virtualpc.example.com --> VM Portal
> http:/virtualpc-admin.example.com --> Admin Portal
> http:/virtualpc-grafana.example.com --> Grafana Portal
>

AFAIK this is not supported by oVirt since all should use the engine FQDN
for accessing the engine.
You can probably use your own customized URL redirection or set a few
FQDNs, but It won't solve the problem for separating and it might cause
other issues, so I won't recommend it.


> and normal user must don't have permission access to admin or grafana
> portal web page
>

Sure, so login will fail if a regular user won't have permissions to login
to webadmin or grafana. This deals with user permissions management that
should be set correctly. It's not related to FQDNs...

___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/2J7GQ6ZDXQMGZ3USBJM7HYP5W3JRJLV5/
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/VS4QUWCNVXDL7J623EZPFEZUFO7IUMGQ/

[ovirt-users] Re: Spliting login pages

2021-01-06 Thread ozmen62 
Hi,
Yes, we can.
But we want to separate them by FQDN
for example;
http:/virtualpc.example.com --> VM Portal
http:/virtualpc-admin.example.com --> Admin Portal
http:/virtualpc-grafana.example.com --> Grafana Portal

and normal user must don't have permission access to admin or grafana portal 
web page
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/2J7GQ6ZDXQMGZ3USBJM7HYP5W3JRJLV5/

[ovirt-users] Re: Spliting login pages

2021-01-05 Thread Sharon Gratch 
On Tue, Jan 5, 2021 at 2:10 PM Sharon Gratch  wrote:

> Hi,
>
> The login for all 3 portals are separated, so you can reach each one of
> them directly:
> For Administration Portal: https://manager-*fqdn/ovirt-engine/webadmin*
> 
> *For VM Portal: https://manager-fqdn/ovirt-engine/web-ui
> *
> *For Monitoring Portal (Grafana):
> https://manager-fqdn/ovirt-engine-grafana
> *
>

I fixed the Monitoring Portal (Grafana) url (one char was missing on my
previous mail).


>
> They all are referred from the oVirt landing page (https://manager-
> *fqdn/ovirt-engine/* ) but you can
> skip that and reach them directly.
>
> Thanks,
> Sharon
>
> On Mon, Jan 4, 2021 at 8:44 AM  wrote:
>
>> Hi,
>> We want to split admin, user and grafana login pages.
>> As you know all in main page.
>> So, this might get users attention and they may try to login and get
>> their accounts locked or worse :)
>>
>> Thanks
>> ___
>> Users mailing list -- users@ovirt.org
>> To unsubscribe send an email to users-le...@ovirt.org
>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
>> oVirt Code of Conduct:
>> https://www.ovirt.org/community/about/community-guidelines/
>> List Archives:
>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/LSIA4P7LM2EOB2XVOKGZ25QVR4JDPKW7/
>>
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/NPQGBJYLYAWDFGQIREROI3JDCXZHJ6AT/

[ovirt-users] Re: Spliting login pages

2021-01-05 Thread Sharon Gratch 
Hi,

The login for all 3 portals are separated, so you can reach each one of
them directly:
For Administration Portal: https://manager-*fqdn/ovirt-engine/webadmin*

*For VM Portal: https://manager-fqdn/ovirt-engine/web-ui
*
*For Monitoring Portal (Grafana): https://manager-fqdn/virt-engine-grafana
*


They all are referred from the oVirt landing page (https://manager-
*fqdn/ovirt-engine/* ) but you can skip
that and reach them directly.

Thanks,
Sharon

On Mon, Jan 4, 2021 at 8:44 AM  wrote:

> Hi,
> We want to split admin, user and grafana login pages.
> As you know all in main page.
> So, this might get users attention and they may try to login and get their
> accounts locked or worse :)
>
> Thanks
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/LSIA4P7LM2EOB2XVOKGZ25QVR4JDPKW7/
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/QKZVLOJGXIC3KLBAN4YSO7FILNAKHZBO/