search

oVirt / ovirt-engine

The oVirt Engine virtualization manager
Other
513 stars 268 forks source link

How to authenticate the oVirt API with the correct user #874

Closed Jack-Ywn closed 4 months ago

Jack-Ywn commented 1 year ago

Affected version

Describe the bug

I attempted to access the oVirt API using the cURL command, but I was unable to successfully authenticate and obtain an access token.

Steps to Reproduce

  1. Use the following cURL command to access the oVirt API 
    curl \
--cacert '/etc/pki/ovirt-engine/ca.pem' \
--request GET \
--header 'Version: 4' \
--header 'Accept: application/xml' \
--user 'admin@ovirt:password' \
https://eg150.ury.cn/ovirt-engine/api
  2. Verify that the result is an error response
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

Expected Behavior I have confirmed that the provided username and password are correct. I expect to successfully obtain an access token with the correct credentials and access the oVirt API. Alternatively, I would like to know how to configure a user with API permissions. I couldn't find any relevant documentation in the user guide, so I hope to receive some instructions and guidance. Thank you very much.

mwperina commented 1 year ago

Hi, preferred authentication method for oVirt RESTAPI is OAUTH, more information can be found at

http://ovirt.github.io/ovirt-engine-api-model/4.5/#_oauth_authentication

Basic authentication doesn't work if you have configured Keycloak as your authentiction provider for oVirt Engine.

Regards, Martin