[one-users] Authentication API

Carlos Martín Sánchez cmartin at opennebula.org
Thu Oct 24 02:33:10 PDT 2013


Hi,

On Wed, Oct 23, 2013 at 8:45 PM, Alberto Zuin - Liste <liste at albertozuin.eu>
 wrote:

> Hello all,
> I'm trying to integrate OpenNebula in an API project (mine) where I don't
> have a user DB and I have to use OpenNebula to authorize users like a SSO
> service.
> In other situations, I found an API where I send a token and the
> authentication server answer me with a 200 code if the token is valid and
> the user is authenticated (and maybe with the user id and other
> information), or a 401 code if the token isn't valid.
> In OpenNebula documentation I found the one.user.info xml-rpc api, but it
> seems the session input variable is a simple username:password and not a
> real token but in http://opennebula.org/**documentation:rel4.2:auth_**
> overview <http://opennebula.org/documentation:rel4.2:auth_overview> the
> paragraph:
>
> Any interface to OpenNebula (CLI, Sunstone, Ruby or Java OCA) communicates
> with the core using xml-rpc calls, that contain the user's session string,
> which is authenticated by the OpenNebula core comparing the username and
> password with the registered users.
>
> seems to say otherwise.
> Can you help me please?
> Thanks,
> Alberto


The session parameter of the xmlrpc calls is always username:token. But the
contents of the token will depend on the authentication backend. As you
said, the default 'core' mechanism just expects the password.

Other drivers, like ssh and x509, use a token that must be generated with
the command 'oneuser login'. You can even create a new auth driver, it
won't be difficult if you use the existing ones as a reference.
You will find relevant links in the 'Auth Integration' box of the
documentation [1]

I'm not sure I answered your question, feel free to ask away.

Regards

[1] http://opennebula.org/documentation:rel4.2

--
Carlos Martín, MSc
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org | cmartin at opennebula.org |
@OpenNebula<http://twitter.com/opennebula><cmartin at opennebula.org>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20131024/1e921e71/attachment-0002.htm>


More information about the Users mailing list