Add automatic browser configuration for kerberos SSO using javascript.

This uses the UniversalPreferencesWrite function to set the browser preferences to allow negotiation and ticket forwarding in the IPA domain. A self-signed certificate is generated to sign the javascript.
author: Rob Crittenden <rcritten@redhat.com> 2007-12-12 09:36:32 -0500
committer: Rob Crittenden <rcritten@redhat.com> 2007-12-12 09:36:32 -0500
commit: 6390db3502eaee385cb990eef723bc4f27a633c0 (patch)
tree: 6c619192efd2e40f0c389a2eb01aa84ed99c912c /ipa-server/ipaserver/httpinstance.py
parent: 1c3849eb576dc9d4cd3d4a39aff9da78be0ddcba (diff)
1 files changed, 32 insertions, 2 deletions
diff --git a/ipa-server/ipaserver/httpinstance.py b/ipa-server/ipaserver/httpinstance.py
index de0b3af82..a131faedc 100644
--- a/ipa-server/ipaserver/httpinstance.py
+++ b/ipa-server/ipaserver/httpinstance.py
@@ -25,6 +25,7 @@ import pwd
 import fileinput
 import sys
 import time
+import shutil
 
 import service
 import certs
@@ -49,9 +50,10 @@ class HTTPInstance(service.Service):
         service.Service.__init__(self, "httpd")
 
     def create_instance(self, realm, fqdn):
-        self.sub_dict = { "REALM" : realm, "FQDN":  fqdn }
         self.fqdn = fqdn
         self.realm = realm
+        self.domain = fqdn[fqdn.find(".")+1:]
+        self.sub_dict = { "REALM" : realm, "FQDN": fqdn, "DOMAIN" : self.domain }
         
         self.start_creation(7, "Configuring the web interface")
         
@@ -60,6 +62,7 @@ class HTTPInstance(service.Service):
         self.__configure_http()
         self.__create_http_keytab()
         self.__setup_ssl()
+        self.__setup_autoconfig()
 
         self.step("restarting httpd")
         self.restart()
@@ -141,4 +144,31 @@ class HTTPInstance(service.Service):
         ds_ca.cur_serial = 2000
         ca.create_from_cacert(ds_ca.cacert_fname)
         ca.create_server_cert("Server-Cert", "cn=%s,ou=Apache Web Server" % self.fqdn, ds_ca)
-        
+        ca.create_signing_cert("Signing-Cert", "cn=%s,ou=Signing Certificate,o=Identity Policy Audit" % self.fqdn, ds_ca)
+
+    def __setup_autoconfig(self):
+        prefs_txt = template_file(SHARE_DIR + "preferences.html.template", self.sub_dict)
+        prefs_fd = open("/usr/share/ipa/html/preferences.html", "w")
+        prefs_fd.write(prefs_txt)
+        prefs_fd.close()                
+
+        # The signing cert is generated in __setup_ssl
+        ds_ca = certs.CertDB(dsinstance.config_dirname(self.realm))
+        ca = certs.CertDB(NSS_DIR)
+
+        # Publish the CA certificate
+        shutil.copy(ds_ca.cacert_fname, "/usr/share/ipa/html/ca.crt")
+        os.chmod("/usr/share/ipa/html/ca.crt", 0444)
+
+        try:
+            shutil.rmtree("/tmp/ipa")
+        except:
+            pass
+        os.mkdir("/tmp/ipa")
+        shutil.copy("/usr/share/ipa/html/preferences.html", "/tmp/ipa")
+
+        ca.run_signtool(["-k", "Signing-Cert",
+                         "-Z", "/usr/share/ipa/html/configure.jar",
+                         "-e", ".html",
+                         "/tmp/ipa"])
+        shutil.rmtree("/tmp/ipa")
author	Rob Crittenden <rcritten@redhat.com>	2007-12-12 09:36:32 -0500
committer	Rob Crittenden <rcritten@redhat.com>	2007-12-12 09:36:32 -0500
commit	6390db3502eaee385cb990eef723bc4f27a633c0 (patch)
tree	6c619192efd2e40f0c389a2eb01aa84ed99c912c /ipa-server/ipaserver/httpinstance.py
parent	1c3849eb576dc9d4cd3d4a39aff9da78be0ddcba (diff)