On 12/16/2012 01:30 AM, Alon Bar-Lev wrote:
----- Original Message -----
From: "Sigbjorn Lie" <sigbj...@nixtra.com>
To: "Alon Bar-Lev" <alo...@redhat.com>
Cc: users@ovirt.org
Sent: Sunday, December 16, 2012 2:22:37 AM
Subject: Re: [Users] Single Sign On (Kerberos) to the user portal
On 12/15/2012 07:50 PM, Alon Bar-Lev wrote:
----- Original Message -----
From: "Sigbjorn Lie" <sigbj...@nixtra.com>
To: users@ovirt.org
Sent: Saturday, December 15, 2012 6:25:22 PM
Subject: [Users] Single Sign On (Kerberos) to the user portal
Hi,
Is it possible to do Single Sign On to the user portal using
Kerberos?
We have deployed FreeIPA where all our workstations are
authenticating.
We are already using SSO w/kerberos for web servers, and it would
be
handy if we could use SSO w/kerberos to authenticate to the User
Portal too.
Hi,
Not right now... we need some more work to make it happen.
Can you help in this?
Alon
I think I will struggle with the programming side. However I can be
of
assistance testing it out.
I believe most of the work will already be done if there exists a
similar module for jboss such as the "mod_auth_kerb" for Apache.
Has there been any work done at all with implementing SSO in the user
portal so far?
What I would like to do is to support external authentication in ovirt, so that
it will take the user name out of the ajp protocol ?remote_user field, which
maps into the HttpServletRequest.getUserPrincipal() at J2EE side.
Then use mod_auth_kerb to authenticate the user as I guess you would already
have...
Yes we use mod_auth_kerb with Apache today. It works well.
I do not think I will be of much use with the programming, sorry.
Is there any ongoing work to get this implemented?
Regards,
Siggi
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
