Install SSO service for oVirt services

General

Additional Info

General

Additional Info

Description

Today we have multiple authentication systems for our systems:

foreman
gerrit
jenkins
artifactory
icingna
ovirt-engine
and others..

We need to find one service that will enable SSO, it should support at least one open id service like 'fedora' or 'google'.

Activity

Show:

Anton Marchukov February 15, 2019 at 2:08 PM

We converged on google sso.

Barak Korren June 21, 2016 at 9:33 AM

I'd go with KeyCloak working exclusively against external providers. I wouldn't want to have to maintain and secure a credential database on our infra.
So far external providers worked very well for us in Gerrit.

As far as authorization goes, maybe we could do it with Gerrit groups. softwarefactory does...

Former user May 10, 2016 at 7:13 AM

I think the following setup would do what we need from the first glance. Worth investigating furhter:

IdM server

Keycloak
- - SAML
  - federation to LDAP
  - Social login
FreeIPA
- - LDAP
  - Kerberos
  - SSH key management
  - sudo management

web clients

use SAML to authenticate (for example mod_mellon for Apache HTTPD)
servers
use Kerberos from the IPA and/or user SSH keys from it.

Won't Fix

Details
Assignee
Former user(Deactivated)
Reporter
Eyal Edri
Priority
Medium
Parent
OVIRT-403 oVirt infra services maintenance and upgrades

Created May 9, 2016 at 3:58 PM

Updated August 29, 2019 at 2:12 PM

Resolved February 15, 2019 at 2:08 PM

Install SSO service for oVirt services

Description

Activity

Anton Marchukov February 15, 2019 at 2:08 PM

Barak Korren June 21, 2016 at 9:33 AM

Former user May 10, 2016 at 7:13 AM

DetailsAssigneeFormer userFormer user(Deactivated)ReporterEyal EdriEyal EdriPriorityMediumParentOVIRT-403 oVirt infra services maintenance and upgrades

Details

Assignee

Reporter

Priority

Parent

Details
Assignee
Former user(Deactivated)
Reporter
Eyal Edri
Priority
Medium
Parent
OVIRT-403 oVirt infra services maintenance and upgrades