cloudstack-dev mailing list archives

From Simon Waterhouse <Simon.Waterho...@eu.citrix.com>
Subject RE: CloudStack UI Authentication Mechanism
Date Fri, 05 Apr 2013 12:29:26 GMT
The "official" location is pending a decision by the community on what to do with this code.

Citrix would like to contribute it to the CloudStack project - having a ready-made .NET client
for the CloudStack API is surely an advantage for us - anyone have thoughts on where it should
live in the long term?

Regards
Simon

-----Original Message-----
From: Donal Lafferty 
Sent: 05 April 2013 13:21
To: Simon Waterhouse; dev@cloudstack.apache.org
Cc: Pranav Saxena
Subject: RE: CloudStack UI Authentication Mechanism

Thanks for upgrading the .NET SDK I created :)

Will this be the official public location?


> -----Original Message-----
> From: Simon Waterhouse
> Sent: 05 April 2013 9:34 AM
> To: dev@cloudstack.apache.org
> Cc: Donal Lafferty; Pranav Saxena
> Subject: RE: CloudStack UI Authentication Mechanism
> 
> This should work whichever authenticator is used behind the logon API
> (LDAP, MD5 etc.), but I didn't test the LDAP auth. yet...
> 
> 
> -----Original Message-----
> From: Simon Waterhouse [mailto:Simon.Waterhouse@eu.citrix.com]
> Sent: 05 April 2013 09:27
> To: dev@cloudstack.apache.org
> Cc: Donal Lafferty
> Subject: RE: CloudStack UI Authentication Mechanism
> 
> The CloudStack .NET SDK at
> https://github.com/siwater/cloudstack_dotnetsdk has support for both user
> name/password and apiKey/secretKey authentication.
> 
> 
> -----Original Message-----
> From: Pranav Saxena [mailto:pranav.saxena@citrix.com]
> Sent: 04 April 2013 17:51
> To: dev@cloudstack.apache.org
> Cc: cloudstack-dev@incubator.apache.org; Donal Lafferty
> Subject: RE: CloudStack UI Authentication Mechanism
> 
> Hey Donal,
> 
> Sorry, I should have responded to you a bit earlier but had no access to email
> today. Yeah, you are absolutely right. UI uses Jsession ID to bypass login
> check, something like this as shown below -
> 
> // Use this for checking the session, to bypass login screen
> bypassLoginCheck: function(args) { // determine to show or bypass login screen
>     if (g_loginResponse == null) { // show login screen
>         g_mySession = $.cookie('JSESSIONID');
>         g_sessionKey = $.cookie('sessionKey');
>         g_role = $.cookie('role');
>         g_username = $.cookie('username');
>         g_userid = $.cookie('userid');
>         g_account = $.cookie('account');
>         g_domainid = $.cookie('domainid');
>         g_userfullname = $.cookie('userfullname');
>         g_timezone = $.cookie('timezone');
>         if ($.cookie('timezoneoffset') != null)
>             g_timezoneoffset = isNaN($.cookie('timezoneoffset')) ? null : parseFloat($.cookie('timezoneoffset'));
>         else
>             g_timezoneoffset = null;
>     }
> 
> Let me know if you need any more details.
> 
> Thanks,
> Pranav
> 
> -----Original Message-----
> From: Donal Lafferty [mailto:donal.lafferty@citrix.com]
> Sent: Thursday, April 04, 2013 9:33 PM
> To: dev@cloudstack.apache.org
> Cc: cloudstack-dev@incubator.apache.org
> Subject: RE: CloudStack UI Authentication Mechanism
> 
> 
> 
> > -----Original Message-----
> > From: rohityadav89@gmail.com [mailto:rohityadav89@gmail.com] On Behalf
> > Of Rohit Yadav
> > Sent: 04 April 2013 4:36 PM
> > To: dev@cloudstack.apache.org
> > Cc: cloudstack-dev@incubator.apache.org
> > Subject: Re: CloudStack UI Authentication Mechanism
> >
> > On Thu, Apr 4, 2013 at 7:59 PM, Donal Lafferty
> > <donal.lafferty@citrix.com> wrote:
> >
> > >
> > >
> > > > -----Original Message-----
> > > > From: rohityadav89@gmail.com [mailto:rohityadav89@gmail.com] On
> > > > Behalf Of Rohit Yadav
> > > > Sent: 04 April 2013 2:52 PM
> > > > To: dev@cloudstack.apache.org
> > > > Cc: cloudstack-dev@incubator.apache.org
> > > > Subject: Re: CloudStack UI Authentication Mechanism
> > > >
> > > > > On Thu, Apr 4, 2013 at 4:50 PM, Donal Lafferty
> > > > > <donal.lafferty@citrix.com> wrote:
> > > >
> > > > > I noticed that the CloudStack UI allows VM control to accounts
> > > > > that don't have an API key set defined.
> > > > >
> > > > > How does its authentication mechanism work?  E.g.
> > > > >
> > > > >
> > > > > 1.                  How are API calls authenticated and authorized
if
> > > they
> > > > > are not signed with API keys?
> > > > >
> > > >
> > > > > On integration port, defined in the global settings, 8096 generally
> > > > > there is no authentication done, user is admin has max. power.
> > > >
> > > [Donal Lafferty]
> > > > Okay, but the UI doesn't usually go over 8096.  How does it work
> > > > when it's not bypassing authentication?
> > >
> >
> > jquery UI experts will let you know the internals. When authentication
> > in UI is done, the keys are obtained and subsequently used while querying.
> > Just attach your debugger to ApiServlet's GET handlers and follow the
> > sequence which will help you discover how it all works till it reaches
> > ApiDispatcher (through ApiServer class) where the actual cmd class is
> > found, filled and executed.
> >
> [Donal Lafferty]
> Looks like it uses a JSESSIONID cookie rather than HTTP Query signing.
> 
> See http://cloudstack.apache.org/docs/api/apidocs-4.0.0/root_admin/login.html
> 
> > Cheers.
> >
> >
> > > >
> > > > >
> > > > > 2.                  Does this work equally well when LDAP is to
> > > > > authenticate username / password?
> > > > >
> > > >
> > > > Abhi can comment on this one.
> > > >
> > > > Cheers.
> > > >
> > > >
> > > > >
> > > > >
> > > > > DL
> > > > >
> > > > >
> > > > >
> > >
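
The two request styles contrasted in this thread (signed apiKey/secretKey calls versus the UI's JSESSIONID session), as an added example that is not part of the original messages, CloudStack, or the .NET SDK. The keys are constructed placeholders, the function names are hypothetical, and sending the session key as a `sessionkey` query parameter is an assumption.

```javascript
// Added example; not code from CloudStack or the .NET SDK.
const nodeCrypto = require('crypto');

// Constructed placeholder credentials, not real keys.
const API_KEY = 'EXAMPLE-API-KEY';
const SECRET_KEY = 'EXAMPLE-SECRET-KEY';

// String that gets signed: URL-encode each value, lowercase everything,
// sort the pairs by field name and join them with '&'.
// Assumption: values only need the escaping encodeURIComponent performs.
function canonicalQuery(params) {
  return Object.entries(params)
    .map(([k, v]) => [k.toLowerCase(), encodeURIComponent(v).toLowerCase()])
    .sort(([a], [b]) => (a < b ? -1 : a > b ? 1 : 0))
    .map(([k, v]) => `${k}=${v}`)
    .join('&');
}

// HMAC-SHA1 over the canonical string, base64-encoded.
function sign(params, secretKey) {
  return nodeCrypto.createHmac('sha1', secretKey)
    .update(canonicalQuery(params), 'utf8')
    .digest('base64');
}

// apiKey/secretKey style: every request carries its own signature.
function signedRequest(params, apiKey, secretKey) {
  const all = { ...params, apiKey };
  return { ...all, signature: sign(all, secretKey) };
}

// What a verifier does: recompute the signature and compare in constant time.
function verifySigned(received, secretKey) {
  const { signature, ...rest } = received;
  if (typeof signature !== 'string') return false;
  const expected = Buffer.from(sign(rest, secretKey));
  const got = Buffer.from(signature);
  return got.length === expected.length && nodeCrypto.timingSafeEqual(got, expected);
}

// Session style, as in the UI snippet: the JSESSIONID cookie identifies the
// server session and nothing is signed, so the cookie plus session key act
// as bearer credentials. Assumption: the key is sent as `sessionkey`.
function sessionRequest(params, session) {
  return {
    query: { ...params, sessionkey: session.sessionKey },
    headers: { Cookie: `JSESSIONID=${session.jsessionid}` },
  };
}
```

A signed request stops verifying as soon as any parameter changes, while a session request is accepted for as long as the cookie and session key remain valid.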
