On Fri, Jun 29, 2018 at 1:39 PM, Hari Prasanth Loganathan < hariprasant...@msystechnologies.com> wrote:
> Thanks Ondra for the response. > > *This is my use case : * > > We have three components in our setup > > 1) Our Script (application using python) > 2) Ovirt > 3) LDAP (Also integrated to oVirt) > > 1) Our Python application is authenticating to LDAP and it creates a token > for our application > 2) For accessing the API's in oVIrt, I need to contact to the oVirt API > which authenticates and creates a token for it > 3) then I need to maintain the token of my application with its mapping to > the ovirt tokenId in my application. > > *Difficulty :* > > > *When I want to hit any oVirt API, First I perform the token check in my > application (using my application token) then I need to perform the ovirt > token check in oVirt using the ovirt token Id I maintain in the > application. * > > *To Achieve : * > > *So I want a feature, which perform authentication check only in my > application and then from my application I need to contact the ovirt APIs > without authentication / authorization check. I don't want ovirt to perform > authentication / authorization check. * > > > * 1) I would like to know Is there a way to skip the authentication and > authorization in oVIrt? * > No, but you can configure oVirt to use for example kerberos or CAS to receive authentication > *2) Or Is it possible to point the authentication validation for oVirt (to > my application / to some URL which I configure) which always return true > and allow for all oVirt API's?* > No, as mentioned above you can only configure oVirt to use Apache authentication (kerberos, CAS, ...) > > *If any thing is not clear I will update the mail and send you.* > > > > *Thanks * > > > > > On Fri, Jun 29, 2018 at 5:00 PM, Ondra Machacek <omach...@redhat.com> > wrote: > >> What's your use-case? You need all users to access without any >> username/password? Why not rather share some username/password of guest >> account them? >> >> On 06/29/2018 12:39 PM, Hari Prasanth Loganathan wrote: >> >>> Guys any update on this, If you have any clarification in my query >>> please let me know. >>> >>> Thanks, >>> Hari >>> >>> On Thu, Jun 28, 2018 at 6:19 PM, Hari Prasanth Loganathan < >>> hariprasant...@msystechnologies.com <mailto:hariprasanth.l@msystec >>> hnologies.com>> wrote: >>> >>> Hi Team, >>> >>> We have three components in our setup >>> >>> 1) Our Script (application using python) >>> 2) Ovirt >>> 3) LDAP (Also integrated to oVirt) >>> >>> 1) Our Python application is authenticating to LDAP and it creates a >>> token for our application >>> 2) For accessing the API's in oVIrt, I need to contact to the oVirt >>> API which authenticates and creates a token for it >>> 3) then I need to maintain the token of my application with its >>> mapping to the ovirt tokenId in my application. >>> >>> When I want to hit any oVirt API, First I perform the token check in >>> my application (using my application token) then I need to perform >>> the ovirt token check in oVirt. >>> >>> 1)*I would like to know Is there a way to skip the authentication >>> and authorization in oVIrt? >>> * >>> 2)*Or Is it possible to point the authentication check for oVirt (to >>> my application / to some URL which I configure) which always return >>> true and allow for all oVirt API's?* >>> >>> >>> *I did some analysis and verified the oVirt code in github, >>> Identified that it is going via a fliter in web.xml which points to >>> the class, Is it possible to tune this? * >>> >>> >>> <filter> >>> <filter-name>RestApiSessionValidationFilter</filter-name> >>> <filter-class>org.ovirt.engine >>> .core.aaa.filters.RestApiSessionValidationFilter</filter-class> >>> </filter> >>> <filter-mapping> >>> <filter-name>RestApiSessionValidationFilter</filter-name> >>> <url-pattern>/*</url-pattern> >>> </filter-mapping> >>> >>> <filter> >>> <filter-name>SessionValidationFilter</filter-name> >>> <filter-class>org.ovirt.engine >>> .core.aaa.filters.SessionValidationFilter</filter-class> >>> </filter> >>> <filter-mapping> >>> <filter-name>SessionValidationFilter</filter-name> >>> <url-pattern>/*</url-pattern> >>> </filter-mapping> >>> >>> <filter> >>> <filter-name>SsoRestApiAuthFilter</filter-name> >>> <filter-class>org.ovirt.engine >>> .core.aaa.filters.SsoRestApiAuthFilter</filter-class> >>> </filter> >>> <filter-mapping> >>> <filter-name>SsoRestApiAuthFilter</filter-name> >>> <url-pattern>/*</url-pattern> >>> </filter-mapping> >>> >>> <filter> >>> <filter-name>SsoRestApiNegotiationFilter</filter-name> >>> <filter-class>org.ovirt.engine >>> .core.aaa.filters.SsoRestApiNegotiationFilter</filter-class> >>> </filter> >>> <filter-mapping> >>> <filter-name>SsoRestApiNegotiationFilter</filter-name> >>> <url-pattern>/*</url-pattern> >>> </filter-mapping> >>> >>> If my query is not clear, please let me know. >>> >>> Thanks, >>> Hari >>> >>> >>> >>> >>> >>> _______________________________________________ >>> Users mailing list -- users@ovirt.org >>> To unsubscribe send an email to users-le...@ovirt.org >>> Privacy Statement: https://www.ovirt.org/site/privacy-policy/ >>> oVirt Code of Conduct: https://www.ovirt.org/communit >>> y/about/community-guidelines/ >>> List Archives: https://lists.ovirt.org/archiv >>> es/list/users@ovirt.org/message/R5QK6VPZ5OQXHBODY4BY5JHJCC4X2ZKV/ >>> >>> > > _______________________________________________ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: https://www.ovirt.org/community/about/community- > guidelines/ > List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/ > message/TYQ54CXHZWYU2N7ZFMUERBD44TERMTBE/ > > -- Martin Perina Associate Manager, Software Engineering Red Hat Czech s.r.o.
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/FOPQSFFDD7543XQ2VKGGN7PLMRKR7KZL/
