From 6390db3502eaee385cb990eef723bc4f27a633c0 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Wed, 12 Dec 2007 09:36:32 -0500 Subject: Add automatic browser configuration for kerberos SSO using javascript. This uses the UniversalPreferencesWrite function to set the browser preferences to allow negotiation and ticket forwarding in the IPA domain. A self-signed certificate is generated to sign the javascript. --- ipa-server/xmlrpc-server/ipa.conf | 5 ++++- ipa-server/xmlrpc-server/unauthorized.html | 14 ++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) (limited to 'ipa-server/xmlrpc-server') diff --git a/ipa-server/xmlrpc-server/ipa.conf b/ipa-server/xmlrpc-server/ipa.conf index fbf26b67..4e8bf528 100644 --- a/ipa-server/xmlrpc-server/ipa.conf +++ b/ipa-server/xmlrpc-server/ipa.conf @@ -12,9 +12,12 @@ RewriteRule ^/(.*) http://$FQDN/$$1 [L,R=301] # Redirect to the secure port if not displaying an error or retrieving # configuration. RewriteCond %{SERVER_PORT} !^443$$ -RewriteCond %{REQUEST_URI} !^/(errors|config)/ +RewriteCond %{REQUEST_URI} !^/(errors|config|favicon.ico) RewriteRule ^/(.*) https://$FQDN/$$1 [L,R=301,NC] +# This is required so the auto-configuration works with Firefox 2+ +AddType application/java-archive jar + AuthType Kerberos AuthName "Kerberos Login" diff --git a/ipa-server/xmlrpc-server/unauthorized.html b/ipa-server/xmlrpc-server/unauthorized.html index 23a8d5c7..e46ca538 100644 --- a/ipa-server/xmlrpc-server/unauthorized.html +++ b/ipa-server/xmlrpc-server/unauthorized.html @@ -9,6 +9,20 @@ have configured your browser correctly. If you are still unable to access the IPA Web interface, please contact the helpdesk on for additional assistance.

+

+Import the IPA Certificate Authority. +

+

+ +

-- cgit