authorRob Crittenden <rcritten@redhat.com>2007-12-12 09:36:32 -0500
committerRob Crittenden <rcritten@redhat.com>2007-12-12 09:36:32 -0500
commit6390db3502eaee385cb990eef723bc4f27a633c0 (patch)
tree6c619192efd2e40f0c389a2eb01aa84ed99c912c /ipa-server/xmlrpc-server
parent1c3849eb576dc9d4cd3d4a39aff9da78be0ddcba (diff)
downloadfreeipa.git-6390db3502eaee385cb990eef723bc4f27a633c0.tar.gz
freeipa.git-6390db3502eaee385cb990eef723bc4f27a633c0.tar.xz
freeipa.git-6390db3502eaee385cb990eef723bc4f27a633c0.zip
Add automatic browser configuration for kerberos SSO using javascript.
This uses the UniversalPreferencesWrite function to set the browser preferences to allow negotiation and ticket forwarding in the IPA domain. A self-signed certificate is generated to sign the javascript.
Diffstat (limited to 'ipa-server/xmlrpc-server')
-rw-r--r--ipa-server/xmlrpc-server/ipa.conf5
-rw-r--r--ipa-server/xmlrpc-server/unauthorized.html14
2 files changed, 18 insertions, 1 deletions
diff --git a/ipa-server/xmlrpc-server/ipa.conf b/ipa-server/xmlrpc-server/ipa.conf
index fbf26b67..4e8bf528 100644
--- a/ipa-server/xmlrpc-server/ipa.conf
+++ b/ipa-server/xmlrpc-server/ipa.conf
@@ -12,9 +12,12 @@ RewriteRule ^/(.*) http://$FQDN/$$1 [L,R=301]
# Redirect to the secure port if not displaying an error or retrieving
# configuration.
RewriteCond %{SERVER_PORT} !^443$$
-RewriteCond %{REQUEST_URI} !^/(errors|config)/
+RewriteCond %{REQUEST_URI} !^/(errors|config|favicon.ico)
RewriteRule ^/(.*) https://$FQDN/$$1 [L,R=301,NC]
+# This is required so the auto-configuration works with Firefox 2+
+AddType application/java-archive jar
+
<Proxy *>
AuthType Kerberos
AuthName "Kerberos Login"
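Review bot: The rewritten `RewriteCond` drops the trailing `/` after the alternation, so the HTTPS-redirect exemption is now a bare prefix match. Any URI starting with `/errors`, `/config` or `/favicon` followed by any character and `ico` stays on plain HTTP, not only the two directories and the icon. The `.` in `favicon.ico` is also unescaped. A tighter form would be `RewriteCond %{REQUEST_URI} !^/((errors|config)/|favicon\.ico$$)`, assuming `$$` is this template's escape for a literal `$`, as the `!^443$$` line suggests. The `<Proxy *>` block continues past the end of the hunk.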
diff --git a/ipa-server/xmlrpc-server/unauthorized.html b/ipa-server/xmlrpc-server/unauthorized.html
index 23a8d5c7..e46ca538 100644
--- a/ipa-server/xmlrpc-server/unauthorized.html
+++ b/ipa-server/xmlrpc-server/unauthorized.html
@@ -9,6 +9,20 @@ have <a href="/errors/ssbrowser.html">configured your
browser correctly</a>. If you are still unable to access
the IPA Web interface, please contact the helpdesk on for additional assistance.
</p>
+<p>
+Import the <a href="/errors/ca.crt">IPA Certificate Authority</a>.
+</p>
+<p>
+<script type="text/javascript">
+ if (navigator.userAgent.indexOf("Firefox") != -1 ||
+ navigator.userAgent.indexOf("SeaMonkey") != -1)
+ {
+ document.write("<p>You can automatically configure your browser to work with Kerberos by importing the Certificate Authority below and clicking on the Configure Browser button.</p>");
+ document.write("<p>You <strong>must</strong> reload this page after importing the Certificate Authority for the automatic settings to work</p>");
+ document.write("<object data=\"jar:/errots/configure.jar!/preferences.html\" type=\"text/html\"><\/object");
+ }
+</script>
+</p>
</ul>
</body>
</html>
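Review bot: The last `document.write` points the object at `jar:/errots/configure.jar!/preferences.html`, which looks like a typo for `/errors/`, and it emits `<\/object` without the closing `>`, so the Configure Browser object will probably not load. The line should read `document.write("<object data=\"jar:/errors/configure.jar!/preferences.html\" type=\"text/html\"><\/object>");`. Separately, `/errors/ca.crt` and the signed jar sit under a path that ipa.conf exempts from the HTTPS redirect, so the trust anchor for a script that writes browser preferences can be fetched over unauthenticated HTTP. The page should tell users to check the CA fingerprint against a value obtained out of band before importing it. The added text also says "below" although the CA link is above it, and the script writes `<p>` elements inside an already open `<p>`. The document starts outside this hunk.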