You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cloudstack.apache.org by Demetrius Tsitrelis <dt...@live.com> on 2013/12/04 19:09:38 UTC

Why is loginUrl parameter needed?

In CloudStack, it seems that one can login via three methods:
1) Connect to the API endpoint and use a login command with a user name and password.2) Connect to the API endpoint and use a login command with a user name and a signature based upon the "security.singlesignon.key" global setting.3) Pass a "loginUrl" parameter to the login page which fills out the g_loginResponse data structure.  See $(document).ready() in cloud.core.callbacks.js in the ui/scripts directory.
It is that last option I am trying to understand.  What is the use case for this?  Are there examples of this parameter?

RE: Why is loginUrl parameter needed?

Posted by Jessica Wang <Je...@citrix.com>.

Demetrius,

> (3) Pass a "loginUrl" parameter to the login page which fills out the g_loginResponse data structure.  

This is for an outside application(e.g. CloudPortal) to navigate into CloudStack UI without prompting credentials dialog (i.e.signle-sign-on).

e.g.
http://<CloudStackServer>:8080/client/api?loginUrl=command=login&username=XXX&domainid=NNN&timestamp=YYY&signature=<secure-hash>


To get the single sign-on secret key, you must retrieve it from the CloudStack database under the configuration table for the key "security.singlesignon.key". 
Copy this key to the outside application, then pass a login request from the outside application to CloudStack as: 

http://<CloudStackServer>:8080/client/api?loginUrl=command=login&username=XXX&domainid=NNN&timestamp=YYY&signature=<secure-hash>

The four parameters(domainId, username, timestamp, and signature) are required.

The timestamp parameter is simply the current system time in milliseconds. 
There is also a fault tolerance configurable value in the configuration table, "security.singlesignon.tolerance.millis" that can be changed to suit your preference. 
If the timestamp passed in as part of the login request differs from CloudStack Management Server time plus the fault tolerance time, the login request will fail.

Jessica


-----Original Message-----
From: Demetrius Tsitrelis [mailto:dtsitrelis@live.com] 
Sent: Wednesday, December 04, 2013 10:10 AM
To: dev@cloudstack.apache.org
Subject: Why is loginUrl parameter needed?

In CloudStack, it seems that one can login via three methods:

(1) Connect to the API endpoint and use a login command with a user name and password.

(2) Connect to the API endpoint and use a login command with a user name and a signature based upon the "security.singlesignon.key" global setting.

(3) Pass a "loginUrl" parameter to the login page which fills out the g_loginResponse data structure.  

See $(document).ready() in cloud.core.callbacks.js in the ui/scripts directory.
It is that last option I am trying to understand.  What is the use case for this?  Are there examples of this parameter?