On Fri, 2020-06-19 at 07:35 +0000, Anton Louw via Users wrote:
> Hi Everybody,

Hi Anton,

> So I have implemented KeyCloak into our oVirt environment, which works, up
> until a point. So WebUI access works, but when calling the API, using:
>
> curl -k -H "Accept: application/json" 'https://virt.example.co.za/ovirt-engine/sso/oauth/token?grant_type=password&username=admin@openidchttp&password=mypass&scope=ovirt-app-api'
>
> I get the below error:
>
> {"error_description":"Cannot authenticate user Invalid scopes: ovirt-app-api ovirt-ext=revoke:revoke-all ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate ovirt-ext=token:password-access.","error":"access_denied"}
>
> If my configs are removed, and I use “admin@internal” for my username, then it
> works.
>
> I followed the below article step by step, and I double checked that all the
> scopes are added into KeyCloak (ovirt-app-api and ovirt-app-admin)
>
> https://blogs.ovirt.org/2019/01/federate-ovirt-engine-authentication-to-openid-connect-infrastructure/
>
> Anybody have any ideas?

It is my blind shot, but could you create & check another user?

One more thing to check: please use curl -vvv to check if there are any
redirects along the way. I will check keycloak settings on my setup - perhaps
there is something non-obvious that could have been missed.

Any chance to get a bit more logs from engine.log and even from keycloak?
Perhaps there is something there that could help.

Artur

> Thank you
>
> Anton Louw
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/CXYLGC5W5EYD3LO54FPWYOWX6ZCMLYMB/