Here are the engine logs:

2018-02-05 14:53:53,681+08 INFO  
[org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default task-38) [] User 
[email protected] successfully logged in with scopes: ovirt-app-admin ovirt-app-api 
ovirt-app-portal ovirt-ext=auth:sequence-priority=~ ovirt-ext=revoke:revoke-all 
ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search 
ovirt-ext=token-info:validate ovirt-ext=token:password-access
2018-02-05 14:53:53,765+08 INFO  
[org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-40) 
[6961a53b] Running command: CreateUserSessionCommand internal: false.
2018-02-05 14:53:53,775+08 INFO  
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default 
task-40) [6961a53b] EVENT_ID: USER_VDC_LOGIN(30), Correlation ID: 6961a53b, 
Call Stack: null, Custom Event ID: -1, Message: User [email protected]@test.org 
logged in.
2018-02-05 14:53:55,305+08 ERROR 
[org.ovirt.engine.core.utils.servlet.ServletUtils] (default task-60) [] Can't 
read file '/usr/share/ovirt-engine/files/spice/SpiceVersion_x64.txt' for 
request '/ovirt-engine/services/files/spice/SpiceVersion_x64.txt', will send a 
404 error response.
2018-02-05 14:53:57,379+08 INFO  [org.ovirt.engine.core.bll.VmLogonCommand] 
(default task-21) [4550dbd4-9c26-48fa-8ded-e50cd47a34e1] Running command: 
VmLogonCommand internal: false. Entities affected :  ID: 
ae5846f6-4f25-4e7a-af2d-02e99599de47 Type: VMAction group CONNECT_TO_VM with 
role type USER
2018-02-05 14:53:57,400+08 INFO  
[org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand] (default task-21) 
[4550dbd4-9c26-48fa-8ded-e50cd47a34e1] START, VmLogonVDSCommand(HostName = 
host, VmLogonVDSCommandParameters:{runAsync='true', 
hostId='0049362d-39cc-498d-9c7e-f36c5fba20bf', 
vmId='ae5846f6-4f25-4e7a-af2d-02e99599de47', domain='test.org', password='***', 
userName='[email protected]@test.org'}), log id: 34439164
2018-02-05 14:53:58,404+08 INFO  
[org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand] (default task-21) 
[4550dbd4-9c26-48fa-8ded-e50cd47a34e1] FINISH, VmLogonVDSCommand, log id: 
34439164
2018-02-05 14:53:58,467+08 INFO  [org.ovirt.engine.core.bll.SetVmTicketCommand] 
(default task-23) [48fb921e] Running command: SetVmTicketCommand internal: 
false. Entities affected :  ID: ae5846f6-4f25-4e7a-af2d-02e99599de47 Type: 
VMAction group CONNECT_TO_VM with role type USER
2018-02-05 14:53:58,469+08 INFO  
[org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (default 
task-23) [48fb921e] START, SetVmTicketVDSCommand(HostName = host, 
SetVmTicketVDSCommandParameters:{runAsync='true', 
hostId='0049362d-39cc-498d-9c7e-f36c5fba20bf', 
vmId='ae5846f6-4f25-4e7a-af2d-02e99599de47', protocol='SPICE', 
ticket='60qsiE96d7F5', validTime='120', userName='[email protected]', 
userId='737c7b8b-9503-489b-b32a-10bf8615bc1f', 
disconnectAction='LOCK_SCREEN'}), log id: 3076856
2018-02-05 14:53:59,108+08 INFO  
[org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (default 
task-23) [48fb921e] FINISH, SetVmTicketVDSCommand, log id: 3076856
2018-02-05 14:53:59,116+08 INFO  
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default 
task-23) [48fb921e] EVENT_ID: VM_SET_TICKET(164), Correlation ID: 48fb921e, 
Call Stack: null, Custom Event ID: -1, Message: User [email protected]@test.org 
initiated console session for VM win7
2018-02-05 14:54:16,134+08 INFO  
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] 
(DefaultQuartzScheduler4) [] EVENT_ID: VM_CONSOLE_CONNECTED(167), Correlation 
ID: null, Call Stack: null, Custom Event ID: -1, Message: User [email protected] is 
connected to VM win7.

At 2018-02-02 14:50:49, "Martin Perina" <[email protected]> wrote:

On Fri, Feb 2, 2018 at 4:46 AM, 董青龙 <[email protected]> wrote:

Thanks for the reply. I have completely configured all the things in option 1 
which you told. But it seems that SSO still does not work. My domain forest is 
"test.org" and my user is "test". When I log in to the user portal, I get 
"[email protected]@test.org" in the top right corner. Should it be "[email protected]"?

This is fine, for AD we are using UPN as username (in your case 
'[email protected]') and we concatenate this with authz extension name (in your 
case '@test.org').


Is it possible that the engine sends the wrong user name to the guest agent?





Could you please share engine.log from after you try to log in to VM Portal and 
open a console to the VM, so that we can investigate?


Thanks


Martin


At 2018-02-01 15:35:57, "Martin Perina" <[email protected]> wrote:





On Thu, Feb 1, 2018 at 9:13 AM, 董青龙 <[email protected]> wrote:

Hi, all
        I am trying to make SSO work with a Windows 7 VM in an oVirt 4.1 
environment. Ovirt-guest-agent has been installed in the Windows 7 VM. I have an 
Active Directory server on Windows 2012 and I have configured the engine using 
"ovirt-engine-extension-aaa-ldap-setup" successfully. The Windows 7 VM has 
joined the domain, too. But when I log in to the user portal using a user created in 
the AD server, I still have to log in to the Windows 7 VM using the same user for 
the second time. It seems that SSO does not work.
        Can anyone help me? Thanks!


We are not providing full SSO for VMs. At the moment you have 2 options:


1. If you want the user to be automatically logged in to a VM, then you need to 
set up SSO using the aaa-ldap extension for AD (please don't forget to answer Yes 
to the question about SSO for VMs in the setup tool). And of course in the VM you need 
to have the guest agent installed and enabled. Once the user logs into VM Portal and 
clicks on a VM, he should be automatically logged into it.


2. If you set up Kerberos for engine SSO, then you don't need to enter a password 
to log in to VM Portal, but in such a case we cannot pass a password into a VM 
and users are not automatically logged in.


Martin

_______________________________________________
Users mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/users





--

Martin Perina
Associate Manager, Software Engineering
Red Hat Czech s.r.o.