1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>IPA: Identity Policy Audit</title>
<script type="text/javascript" src="../ui/js/libs/loader.js"></script>
<script type="text/javascript">
(function() {
function loaded() {
$(document).ready(function() {
var domain = '.' + (IPA_DOMAIN || 'example.com');
$('.example-domain').text(domain);
var browser = IPA.browser_config.get_browser();
if (browser.mozilla) {
var ff_config = $("#configurefirefox");
var obj = $('<object/>', {
type: 'text/html',
'class': 'browser-config'
});
obj.prop('data', 'jar:/ipa/errors/configure.jar!/preferences.html');
obj.appendTo(ff_config);
ff_config.show();
}
});
}
var styles = [
'../ui/css/patternfly.css',
'../ui/css/ipa.css'
];
var scripts = [
'../ui/js/libs/jquery.js',
'krb.js',
'ffconfig.js'
];
ipa_loader.scripts(scripts, loaded);
ipa_loader.styles(styles);
})();
</script>
</head>
<body class="info-page">
<nav class="navbar navbar-default navbar-pf" role="navigation">
<div class="navbar-header">
<a class="brand" href="../ui/index.html"><img src="../ui/images/header-logo.png" alt="FreeIPA"></a>
</div>
</nav>
<div class="container-fluid">
<div class="row">
<div class="col-sm-12">
<div class="ssbrowser">
<h1>Browser Kerberos Setup</h1>
<h2><img alt="Internet Explorer" src="../ui/images/ie-icon.png">Internet Explorer Configuration</h2>
<p>
Once you are able to log into the workstation with your kerberos key you are now able to use that ticket in Internet Explorer.
</p>
<p>
<strong>Login to the Windows machine using an account of your Kerberos realm (administrative domain)</strong>
</p>
<p>
<strong>In Internet Explorer, click Tools, and then click Internet Options.</strong>
</p>
<div>
<ol>
<li>Click the Security tab</li>
<li>Click Local intranet</li>
<li>Click Sites </li>
<li>Click Advanced </li>
<li>Add your domain to the list</li>
</ol>
<ol>
<li>Click the Security tab</li>
<li>Click Local intranet</li>
<li>Click Custom Level</li>
<li>Select Automatic logon only in Intranet zone</li>
</ol>
<ol>
<li> Visit a kerberized web site using IE (You must use the fully-qualified Domain Name in the URL)</li>
<li><strong> You are all set.</strong></li>
</ol>
</div>
<h2><img alt="Firefox" src="../ui/images/firefox-icon.png">Firefox Configuration</h2>
<p>
You can configure Firefox to use Kerberos for Single Sign-on. The following instructions will guide you in configuring your web browser to send your Kerberos credentials to the appropriate Key Distribution Center which enables Single Sign-on.
</p>
<ol>
<li>
In the address bar of Firefox, type <code>about:config</code> to display the list of current configuration options.
</li>
<li>
In the Filter field, type <code>negotiate</code> to restrict the list of options.
</li>
<li>
Double-click the <code>network.negotiate-auth.trusted-uris</code> entry to display the Enter string value dialog box.
</li>
<li>
Enter the name of the domain against which you want to authenticate, for example, <code class="example-domain">.example.com.</code>
</li>
<li><strong> You are all set. </strong></li>
</ol>
<h3>Automatic Configuration of older versions</h3>
<p>You can configure older versions of Firefox (up to version 14) using signed code. Use <a href="browserconfig.html">Firefox configuration page</a> for newer versions.</p>
<ol>
<li>Import <a href="ca.crt">CA certificate</a>. Make sure you checked all three checkboxes.</li>
<li>
Click on "Configure Browser" button below.
<div id="configurefirefox" style="display:none"></div>
</li>
</ol>
</div>
</div>
</div>
</div>
</body>
</html>
|
