> Le 29 juin 2017 à 14:42, Fabrice Bacchella <fabrice.bacche...@orange.fr> a > écrit : > > >> Le 29 juin 2017 à 13:41, Ondra Machacek <omach...@redhat.com> a écrit : >> >> How do you login? Do you use webadmin or API/SDK, if using SDK, don't >> you use kerberos=True? > > Ok, got it. > It's tested with the sdk, using kerberos. But Kerberos authentication is done > in Apache and I configure a profile for that, so I needed to add: > config.artifact.arg = X-Remote-User in my > /etc/ovirt-engine/extensions.d/MyProfile.authn.properties. But this is > missing from internal-authn.properties. So rexecutor@internal is checked > with my profil, and not found. But as the internal profil don't know about > X-Remote-User, it can't check the user and fails silently. That's why I'm > getting only one line. Perhaps the log line should have said the extensions > name that was failing, not the generic "External Authentication" that did'nt > caught my eye. > > I will check that as soon as I have a few minutes to spare and tell you.
I'm starting to understand. I need two authn modules, both using org.ovirt.engineextensions.aaa.misc.http.AuthnExtension but with a different authz.plugin. Is that possible ? If I do what, in what order the different Authn will be tried ? Are they all tried until one succeed both authn and authz ? _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
