[one-dev] XML-RPC API server_* driver

Daniel Molina dmolina at opennebula.org
Mon Jul 28 02:45:56 PDT 2014


Hi Cesare,

The server_* authentication is a special method where a user can
authenticate on behalf of other user. This method was included in
OpenNebula for scenarios such as an Apache server configured to use x509
certificates, Apache has already authenticated the user and we just encrypt
a token with the serveradmin credentials and OpenNebula will decrypt the
token and will perform all the actions as the target_username.

Users using the server_* auth method are special users and should not have
any resource.

You can see an example on how Sunstone uses this method:
A user logs in:
https://github.com/OpenNebula/one/blob/master/src/sunstone/sunstone-server.rb#L169
do_auth is called to authenticate the user:
https://github.com/OpenNebula/one/blob/master/src/cloud/common/CloudAuth/SunstoneCloudAuth.rb#L18
a token is generated using the server_* method
https://github.com/OpenNebula/one/blob/master/src/authm_mad/remotes/server_cipher/server_cipher_auth.rb#L85
this info is sent to one and then checked by the auth driver:
https://github.com/OpenNebula/one/blob/master/src/authm_mad/remotes/server_cipher/server_cipher_auth.rb#L110

Hope this helps

http://docs.opennebula.org/4.6/administration/sunstone_gui/cloud_auth.html




On 25 July 2014 12:39, Cesare Rossi <cesare.rossi at terradue.com> wrote:

> Dear All,
>
> we are interacting with the XML-RPC API. We are trying to perform the
> special authentication method available with the users' drivers
> *server_cipher* or *server_x509 *(i.e. using
> username:target_username:secret), but it seems not working.
>
> The question is: is it possible to use with that API such kind of users ?
> If yes, how ?
>
> Thanks in advance,
>
> Cheers
>
>  Cesare Rossi
> Terradue
> Rome, Italy | Oxford, UK
> http://www.terradue.com
>
>
>
>
> _______________________________________________
> Dev mailing list
> Dev at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/dev-opennebula.org
>
>


-- 
--
Daniel Molina
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org | dmolina at opennebula.org | @OpenNebula
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/dev-opennebula.org/attachments/20140728/83c71b9e/attachment.htm>


More information about the Dev mailing list