diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2007-12-12 09:36:32 -0500 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2007-12-12 09:36:32 -0500 |
| commit | 6390db3502eaee385cb990eef723bc4f27a633c0 (patch) | |
| tree | 6c619192efd2e40f0c389a2eb01aa84ed99c912c /ipa-server/ipa-install/share | |
| parent | 1c3849eb576dc9d4cd3d4a39aff9da78be0ddcba (diff) | |
| download | freeipa-6390db3502eaee385cb990eef723bc4f27a633c0.tar.gz freeipa-6390db3502eaee385cb990eef723bc4f27a633c0.tar.xz freeipa-6390db3502eaee385cb990eef723bc4f27a633c0.zip | |
Add automatic browser configuration for kerberos SSO using javascript.
This uses the UniversalPreferencesWrite function to set the browser
preferences to allow negotiation and ticket forwarding in the IPA domain.
A self-signed certificate is generated to sign the javascript.
Diffstat (limited to 'ipa-server/ipa-install/share')
| -rw-r--r-- | ipa-server/ipa-install/share/Makefile.am | 1 | ||||
| -rw-r--r-- | ipa-server/ipa-install/share/preferences.html.template | 33 |
2 files changed, 34 insertions, 0 deletions
diff --git a/ipa-server/ipa-install/share/Makefile.am b/ipa-server/ipa-install/share/Makefile.am index 36bb54e83..36837356d 100644 --- a/ipa-server/ipa-install/share/Makefile.am +++ b/ipa-server/ipa-install/share/Makefile.am @@ -19,6 +19,7 @@ app_DATA = \ krb.con.template \ krbrealm.con.template \ ntp.conf.server.template \ + preferences.html.template \ radius.radiusd.conf.template \ referint-conf.ldif \ dna-posix.ldif \ diff --git a/ipa-server/ipa-install/share/preferences.html.template b/ipa-server/ipa-install/share/preferences.html.template new file mode 100644 index 000000000..2d3684dcd --- /dev/null +++ b/ipa-server/ipa-install/share/preferences.html.template @@ -0,0 +1,33 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> +<head> + <title>Automatically set browser preferences</title> +</head> +<body> +<form action="undefined" method="get"> +<input type=button onclick="setPreferences()" name="prefs" value="Configure Firefox"> +</form> + +<script type="text/javascript"> +function setPreferences() { + try { + netscape.security.PrivilegeManager.enablePrivilege("UniversalPreferencesWrite"); + try { + navigator.preference("network.negotiate-auth.using-native-gsslib", true) + navigator.preference("network.negotiate-auth.delegation-uris", ".$DOMAIN") + navigator.preference("network.negotiate-auth.trusted-uris", ".$DOMAIN") + navigator.preference("network.negotiate-auth.allow-proxies", true) + } catch (e) { + alert("Unable to store preferences: " + e) + } + netscape.security.PrivilegeManager.disablePrivilege("UniversalPreferencesWrite"); + alert("Successfully configured Firefox for single sign on.") + } catch (e) { + alert("Unable to apply recommended settings.\n\nClick on the Certificate Authority link and select trust for all, then reload this page and try again.\n\nThe error returned was: " + e); + return; + } +} +</script> + +</body> +</html> |