IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
a355646c37
freeipa/install/html/ssbrowser.html

208 lines
8.0 KiB
HTML
Raw Normal View History

Main UI, migration, and html Style updates
2011-01-20 14:39:59 -06:00
<!DOCTYPE html>
Show (hopefully) useful information if the Kerberos connection fails.
2007-09-24 14:20:34 -05:00
<html>
Remove broken link for IE configuration and replace sample domain/realm. Also fix some HTML errors: missing DOCTYPE, title, head. The web page actually comes up as a link in a search on Microsoft's site but the content is gone. It is possible it will come back at some point, who knows. 447445
2008-05-20 08:43:31 -05:00
<head>
Main UI, migration, and html Style updates
2011-01-20 14:39:59 -06:00
<meta charset="utf-8">
<title>IPA: Identity Policy Audit</title>
Load updated Web UI files after server upgrade Issue: * There was no caching policy specified. * -> Browsers use their own default policy. * -> After upgrade, some Web UI files might have been actualized some not. * -> With schema change may result into weird bugs in Web UI Solution considerations: 1. Detect server version change and hard-reload at runtime Detection is easy. Problem is the reload. Obvious candidate 'window.location.reload(true)' works in Firefox but not in Chrome because expected behavior when parameter is used is not in standard and therefore Chromium/WebKit authors did not implement it. 2. Application Cache HTML 5 technology which lets web apps to run offline. Besides weird issues with event handlers which I encountered, this would be an ideal candidate. Simple change of manifest file would lead to reload of all files (requires reload of page to used the new files). Showstopper was usage with untrusted certificate. If user did not add exception for the cert or its CA and would visit the page for a second time, all AJAX calls would fail. 3. Set Expires to now() for everything Web UI rarely changes so this is an overkill. Setting it to different value is not a solution either. We can't predict when the upgrade will happen and when new Web UI will be needed. Solution: * Implemented a mini loader which loads basic resources. Dojo loader takes action after Dojo is loaded. * The loader adds a version parameter (?v=__NUM_VERSION__) to all requests. * Version is defined in the loader. It's set to current in `make version-update`. * All static pages use this loader to fetch their resources. * Version is also passed to dojo loader as cache-bust for the same effect. * Expire header was set to 'access time plus 1 year' for /ui folder. Exceptions are HTML files and loader (set to immediate expiration). Possible issues: * Images are cached but not requested with version param. * Images with version and without are considered different * -> We would have to attach version to all URIs - in CSS and in JS. But we should avoid changing jQuery UI CSS. * Proposed solution is to change image name when changing image. Image change is done rarely. * Version is set by build and therefore updated just on server update. It might cause trouble with different update schedule of plugins. * No action taken to address this issue yet. * We might leave it on plugin devs (own .conf in /etc/httpd/conf.d/) * or set expires to now for all plugins * running `make version-update` is required in order to use static version of UI for testing https://fedorahosted.org/freeipa/ticket/3798
2013-08-29 08:19:02 -05:00
<script type="text/javascript" src="../ui/js/libs/loader.js"></script>
Configuration pages changed to use new FF extension browserconfig.html was changed to use new FF extension. The page is completely Firefox specific therefore the title was changed from 'Configure browser' to 'Firefox configuration'. Instruction to import CA cert in unauthorized.html are FF specific too, so they were moved to browserconfig.html. Unauthorized.html text was changed to distinguish FF config and other browsers. Now the page shows link for FF (browserconfig.html) and other browsers (ssbrowser.html). Ssbrowser.html should be enhanced by more configurations and browsers later [1]. Old configuration method was moved to ssbrowser.html. Unauthorized dialog in Web UI now links to http://../unauthorized.html instead of https. This change is done because of FF strange handling of extension installations from https sites [2]. Firefox allows ext. installation from https sites only when the certificate is signed by some build-in CA. To allow custom CAs an option in about:config has to be changed which don't help us at all because we wants to avoid manual changes in about:config. The design of browserconfig is inspired by Kyle Baker's design (2.1 Enhancements_v2.odt). It is not exactly the same. Highlighting of the steps wasn't used because in some cases we can switch some steps. Ticket: https://fedorahosted.org/freeipa/ticket/3094 [1] https://fedorahosted.org/freeipa/ticket/823 [2] https://bugzilla.mozilla.org/show_bug.cgi?id=688383
2012-10-01 10:36:42 -05:00
<script type="text/javascript">
Fix translation of "ssbrowser.html" Web page Make this page message translatable as other parts of IPA framework. Fixes: https://pagure.io/freeipa/issue/7640 Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-07-12 15:19:04 -05:00
var dojoConfig = {
baseUrl: "../ui/js",
has: {
'dojo-firebug': false,
'dojo-debug-messages': true
},
parseOnLoad: false,
async: true,
packages: [
{
name:'dojo',
location:'dojo'
},
{
name: 'freeipa',
location: 'freeipa'
}
]
};
Load updated Web UI files after server upgrade Issue: * There was no caching policy specified. * -> Browsers use their own default policy. * -> After upgrade, some Web UI files might have been actualized some not. * -> With schema change may result into weird bugs in Web UI Solution considerations: 1. Detect server version change and hard-reload at runtime Detection is easy. Problem is the reload. Obvious candidate 'window.location.reload(true)' works in Firefox but not in Chrome because expected behavior when parameter is used is not in standard and therefore Chromium/WebKit authors did not implement it. 2. Application Cache HTML 5 technology which lets web apps to run offline. Besides weird issues with event handlers which I encountered, this would be an ideal candidate. Simple change of manifest file would lead to reload of all files (requires reload of page to used the new files). Showstopper was usage with untrusted certificate. If user did not add exception for the cert or its CA and would visit the page for a second time, all AJAX calls would fail. 3. Set Expires to now() for everything Web UI rarely changes so this is an overkill. Setting it to different value is not a solution either. We can't predict when the upgrade will happen and when new Web UI will be needed. Solution: * Implemented a mini loader which loads basic resources. Dojo loader takes action after Dojo is loaded. * The loader adds a version parameter (?v=__NUM_VERSION__) to all requests. * Version is defined in the loader. It's set to current in `make version-update`. * All static pages use this loader to fetch their resources. * Version is also passed to dojo loader as cache-bust for the same effect. * Expire header was set to 'access time plus 1 year' for /ui folder. Exceptions are HTML files and loader (set to immediate expiration). Possible issues: * Images are cached but not requested with version param. * Images with version and without are considered different * -> We would have to attach version to all URIs - in CSS and in JS. But we should avoid changing jQuery UI CSS. * Proposed solution is to change image name when changing image. Image change is done rarely. * Version is set by build and therefore updated just on server update. It might cause trouble with different update schedule of plugins. * No action taken to address this issue yet. * We might leave it on plugin devs (own .conf in /etc/httpd/conf.d/) * or set expires to now for all plugins * running `make version-update` is required in order to use static version of UI for testing https://fedorahosted.org/freeipa/ticket/3798
2013-08-29 08:19:02 -05:00
(function() {
Fix loading 'freeipa/text' at production mode As for now 'ssbrowser.html' and 'unauthorized.html' pages are loaded without JS error at development mode only. There is no standalone 'freeipa/text' module as source at production mode. Thus 'core' one have to be loaded first and then 'text'. Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-09-24 12:52:37 -05:00
var icons = [
Fix javascript 'errors' found by jslint There are several JavaScript errors, which have come with PRs: 2362, 2371, 2372. JavaScript code have to follow jsl requires. Fixes: https://pagure.io/freeipa/issue/7717 Fixes: https://pagure.io/freeipa/issue/7718 Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-09-26 15:12:55 -05:00
'../ui/favicon.ico'
Fix loading 'freeipa/text' at production mode As for now 'ssbrowser.html' and 'unauthorized.html' pages are loaded without JS error at development mode only. There is no standalone 'freeipa/text' module as source at production mode. Thus 'core' one have to be loaded first and then 'text'. Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-09-24 12:52:37 -05:00
];
Load updated Web UI files after server upgrade Issue: * There was no caching policy specified. * -> Browsers use their own default policy. * -> After upgrade, some Web UI files might have been actualized some not. * -> With schema change may result into weird bugs in Web UI Solution considerations: 1. Detect server version change and hard-reload at runtime Detection is easy. Problem is the reload. Obvious candidate 'window.location.reload(true)' works in Firefox but not in Chrome because expected behavior when parameter is used is not in standard and therefore Chromium/WebKit authors did not implement it. 2. Application Cache HTML 5 technology which lets web apps to run offline. Besides weird issues with event handlers which I encountered, this would be an ideal candidate. Simple change of manifest file would lead to reload of all files (requires reload of page to used the new files). Showstopper was usage with untrusted certificate. If user did not add exception for the cert or its CA and would visit the page for a second time, all AJAX calls would fail. 3. Set Expires to now() for everything Web UI rarely changes so this is an overkill. Setting it to different value is not a solution either. We can't predict when the upgrade will happen and when new Web UI will be needed. Solution: * Implemented a mini loader which loads basic resources. Dojo loader takes action after Dojo is loaded. * The loader adds a version parameter (?v=__NUM_VERSION__) to all requests. * Version is defined in the loader. It's set to current in `make version-update`. * All static pages use this loader to fetch their resources. * Version is also passed to dojo loader as cache-bust for the same effect. * Expire header was set to 'access time plus 1 year' for /ui folder. Exceptions are HTML files and loader (set to immediate expiration). Possible issues: * Images are cached but not requested with version param. * Images with version and without are considered different * -> We would have to attach version to all URIs - in CSS and in JS. But we should avoid changing jQuery UI CSS. * Proposed solution is to change image name when changing image. Image change is done rarely. * Version is set by build and therefore updated just on server update. It might cause trouble with different update schedule of plugins. * No action taken to address this issue yet. * We might leave it on plugin devs (own .conf in /etc/httpd/conf.d/) * or set expires to now for all plugins * running `make version-update` is required in order to use static version of UI for testing https://fedorahosted.org/freeipa/ticket/3798
2013-08-29 08:19:02 -05:00
var styles = [
webui: apply PatternFly theme on config pages https://fedorahosted.org/freeipa/ticket/4278 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
2014-03-31 07:03:28 -05:00
'../ui/css/patternfly.css',
'../ui/css/ipa.css'
Load updated Web UI files after server upgrade Issue: * There was no caching policy specified. * -> Browsers use their own default policy. * -> After upgrade, some Web UI files might have been actualized some not. * -> With schema change may result into weird bugs in Web UI Solution considerations: 1. Detect server version change and hard-reload at runtime Detection is easy. Problem is the reload. Obvious candidate 'window.location.reload(true)' works in Firefox but not in Chrome because expected behavior when parameter is used is not in standard and therefore Chromium/WebKit authors did not implement it. 2. Application Cache HTML 5 technology which lets web apps to run offline. Besides weird issues with event handlers which I encountered, this would be an ideal candidate. Simple change of manifest file would lead to reload of all files (requires reload of page to used the new files). Showstopper was usage with untrusted certificate. If user did not add exception for the cert or its CA and would visit the page for a second time, all AJAX calls would fail. 3. Set Expires to now() for everything Web UI rarely changes so this is an overkill. Setting it to different value is not a solution either. We can't predict when the upgrade will happen and when new Web UI will be needed. Solution: * Implemented a mini loader which loads basic resources. Dojo loader takes action after Dojo is loaded. * The loader adds a version parameter (?v=__NUM_VERSION__) to all requests. * Version is defined in the loader. It's set to current in `make version-update`. * All static pages use this loader to fetch their resources. * Version is also passed to dojo loader as cache-bust for the same effect. * Expire header was set to 'access time plus 1 year' for /ui folder. Exceptions are HTML files and loader (set to immediate expiration). Possible issues: * Images are cached but not requested with version param. * Images with version and without are considered different * -> We would have to attach version to all URIs - in CSS and in JS. But we should avoid changing jQuery UI CSS. * Proposed solution is to change image name when changing image. Image change is done rarely. * Version is set by build and therefore updated just on server update. It might cause trouble with different update schedule of plugins. * No action taken to address this issue yet. * We might leave it on plugin devs (own .conf in /etc/httpd/conf.d/) * or set expires to now for all plugins * running `make version-update` is required in order to use static version of UI for testing https://fedorahosted.org/freeipa/ticket/3798
2013-08-29 08:19:02 -05:00
];
var scripts = [
Fix translation of "ssbrowser.html" Web page Make this page message translatable as other parts of IPA framework. Fixes: https://pagure.io/freeipa/issue/7640 Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-07-12 15:19:04 -05:00
'../ui/js/libs/jquery.js',
Fix loading 'freeipa/text' at production mode As for now 'ssbrowser.html' and 'unauthorized.html' pages are loaded without JS error at development mode only. There is no standalone 'freeipa/text' module as source at production mode. Thus 'core' one have to be loaded first and then 'text'. Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-09-24 12:52:37 -05:00
'../ui/js/libs/jquery.ordered-map.js',
Fix javascript 'errors' found by jslint There are several JavaScript errors, which have come with PRs: 2362, 2371, 2372. JavaScript code have to follow jsl requires. Fixes: https://pagure.io/freeipa/issue/7717 Fixes: https://pagure.io/freeipa/issue/7718 Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-09-26 15:12:55 -05:00
'../ui/js/dojo/dojo.js'
Load updated Web UI files after server upgrade Issue: * There was no caching policy specified. * -> Browsers use their own default policy. * -> After upgrade, some Web UI files might have been actualized some not. * -> With schema change may result into weird bugs in Web UI Solution considerations: 1. Detect server version change and hard-reload at runtime Detection is easy. Problem is the reload. Obvious candidate 'window.location.reload(true)' works in Firefox but not in Chrome because expected behavior when parameter is used is not in standard and therefore Chromium/WebKit authors did not implement it. 2. Application Cache HTML 5 technology which lets web apps to run offline. Besides weird issues with event handlers which I encountered, this would be an ideal candidate. Simple change of manifest file would lead to reload of all files (requires reload of page to used the new files). Showstopper was usage with untrusted certificate. If user did not add exception for the cert or its CA and would visit the page for a second time, all AJAX calls would fail. 3. Set Expires to now() for everything Web UI rarely changes so this is an overkill. Setting it to different value is not a solution either. We can't predict when the upgrade will happen and when new Web UI will be needed. Solution: * Implemented a mini loader which loads basic resources. Dojo loader takes action after Dojo is loaded. * The loader adds a version parameter (?v=__NUM_VERSION__) to all requests. * Version is defined in the loader. It's set to current in `make version-update`. * All static pages use this loader to fetch their resources. * Version is also passed to dojo loader as cache-bust for the same effect. * Expire header was set to 'access time plus 1 year' for /ui folder. Exceptions are HTML files and loader (set to immediate expiration). Possible issues: * Images are cached but not requested with version param. * Images with version and without are considered different * -> We would have to attach version to all URIs - in CSS and in JS. But we should avoid changing jQuery UI CSS. * Proposed solution is to change image name when changing image. Image change is done rarely. * Version is set by build and therefore updated just on server update. It might cause trouble with different update schedule of plugins. * No action taken to address this issue yet. * We might leave it on plugin devs (own .conf in /etc/httpd/conf.d/) * or set expires to now for all plugins * running `make version-update` is required in order to use static version of UI for testing https://fedorahosted.org/freeipa/ticket/3798
2013-08-29 08:19:02 -05:00
];
Fix translation of "ssbrowser.html" Web page Make this page message translatable as other parts of IPA framework. Fixes: https://pagure.io/freeipa/issue/7640 Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-07-12 15:19:04 -05:00
ipa_loader.scripts(scripts, function() {
require([
'dojo/dom',
Fix loading 'freeipa/text' at production mode As for now 'ssbrowser.html' and 'unauthorized.html' pages are loaded without JS error at development mode only. There is no standalone 'freeipa/text' module as source at production mode. Thus 'core' one have to be loaded first and then 'text'. Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-09-24 12:52:37 -05:00
'freeipa/core',
Fix javascript 'errors' found by jslint There are several JavaScript errors, which have come with PRs: 2362, 2371, 2372. JavaScript code have to follow jsl requires. Fixes: https://pagure.io/freeipa/issue/7717 Fixes: https://pagure.io/freeipa/issue/7718 Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-09-26 15:12:55 -05:00
'dojo/domReady!'
Fix loading 'freeipa/text' at production mode As for now 'ssbrowser.html' and 'unauthorized.html' pages are loaded without JS error at development mode only. There is no standalone 'freeipa/text' module as source at production mode. Thus 'core' one have to be loaded first and then 'text'. Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-09-24 12:52:37 -05:00
],
function(dom) {
var text = require('freeipa/text');
Fix javascript 'errors' found by jslint There are several JavaScript errors, which have come with PRs: 2362, 2371, 2372. JavaScript code have to follow jsl requires. Fixes: https://pagure.io/freeipa/issue/7717 Fixes: https://pagure.io/freeipa/issue/7718 Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-09-26 15:12:55 -05:00
var msg = "".concat(
Fix translation of "ssbrowser.html" Web page Make this page message translatable as other parts of IPA framework. Fixes: https://pagure.io/freeipa/issue/7640 Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-07-12 15:19:04 -05:00
text.get('@i18n:ssbrowser-page.header'),
text.get('@i18n:ssbrowser-page.firefox-header'),
text.get('@i18n:ssbrowser-page.firefox-actions'),
text.get('@i18n:ssbrowser-page.chrome-header'),
text.get('@i18n:ssbrowser-page.chrome-certificate'),
text.get('@i18n:ssbrowser-page.chrome-spnego'),
text.get('@i18n:ssbrowser-page.ie-header'),
Fix javascript 'errors' found by jslint There are several JavaScript errors, which have come with PRs: 2362, 2371, 2372. JavaScript code have to follow jsl requires. Fixes: https://pagure.io/freeipa/issue/7717 Fixes: https://pagure.io/freeipa/issue/7718 Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-09-26 15:12:55 -05:00
text.get('@i18n:ssbrowser-page.ie-actions')
);
Fix translation of "ssbrowser.html" Web page Make this page message translatable as other parts of IPA framework. Fixes: https://pagure.io/freeipa/issue/7640 Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-07-12 15:19:04 -05:00
dom.byId('ssbrowser-msg').innerHTML=msg;
});
});
Load updated Web UI files after server upgrade Issue: * There was no caching policy specified. * -> Browsers use their own default policy. * -> After upgrade, some Web UI files might have been actualized some not. * -> With schema change may result into weird bugs in Web UI Solution considerations: 1. Detect server version change and hard-reload at runtime Detection is easy. Problem is the reload. Obvious candidate 'window.location.reload(true)' works in Firefox but not in Chrome because expected behavior when parameter is used is not in standard and therefore Chromium/WebKit authors did not implement it. 2. Application Cache HTML 5 technology which lets web apps to run offline. Besides weird issues with event handlers which I encountered, this would be an ideal candidate. Simple change of manifest file would lead to reload of all files (requires reload of page to used the new files). Showstopper was usage with untrusted certificate. If user did not add exception for the cert or its CA and would visit the page for a second time, all AJAX calls would fail. 3. Set Expires to now() for everything Web UI rarely changes so this is an overkill. Setting it to different value is not a solution either. We can't predict when the upgrade will happen and when new Web UI will be needed. Solution: * Implemented a mini loader which loads basic resources. Dojo loader takes action after Dojo is loaded. * The loader adds a version parameter (?v=__NUM_VERSION__) to all requests. * Version is defined in the loader. It's set to current in `make version-update`. * All static pages use this loader to fetch their resources. * Version is also passed to dojo loader as cache-bust for the same effect. * Expire header was set to 'access time plus 1 year' for /ui folder. Exceptions are HTML files and loader (set to immediate expiration). Possible issues: * Images are cached but not requested with version param. * Images with version and without are considered different * -> We would have to attach version to all URIs - in CSS and in JS. But we should avoid changing jQuery UI CSS. * Proposed solution is to change image name when changing image. Image change is done rarely. * Version is set by build and therefore updated just on server update. It might cause trouble with different update schedule of plugins. * No action taken to address this issue yet. * We might leave it on plugin devs (own .conf in /etc/httpd/conf.d/) * or set expires to now for all plugins * running `make version-update` is required in order to use static version of UI for testing https://fedorahosted.org/freeipa/ticket/3798
2013-08-29 08:19:02 -05:00
ipa_loader.styles(styles);
Fix loading 'freeipa/text' at production mode As for now 'ssbrowser.html' and 'unauthorized.html' pages are loaded without JS error at development mode only. There is no standalone 'freeipa/text' module as source at production mode. Thus 'core' one have to be loaded first and then 'text'. Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-09-24 12:52:37 -05:00
ipa_loader.icons(icons);
Load updated Web UI files after server upgrade Issue: * There was no caching policy specified. * -> Browsers use their own default policy. * -> After upgrade, some Web UI files might have been actualized some not. * -> With schema change may result into weird bugs in Web UI Solution considerations: 1. Detect server version change and hard-reload at runtime Detection is easy. Problem is the reload. Obvious candidate 'window.location.reload(true)' works in Firefox but not in Chrome because expected behavior when parameter is used is not in standard and therefore Chromium/WebKit authors did not implement it. 2. Application Cache HTML 5 technology which lets web apps to run offline. Besides weird issues with event handlers which I encountered, this would be an ideal candidate. Simple change of manifest file would lead to reload of all files (requires reload of page to used the new files). Showstopper was usage with untrusted certificate. If user did not add exception for the cert or its CA and would visit the page for a second time, all AJAX calls would fail. 3. Set Expires to now() for everything Web UI rarely changes so this is an overkill. Setting it to different value is not a solution either. We can't predict when the upgrade will happen and when new Web UI will be needed. Solution: * Implemented a mini loader which loads basic resources. Dojo loader takes action after Dojo is loaded. * The loader adds a version parameter (?v=__NUM_VERSION__) to all requests. * Version is defined in the loader. It's set to current in `make version-update`. * All static pages use this loader to fetch their resources. * Version is also passed to dojo loader as cache-bust for the same effect. * Expire header was set to 'access time plus 1 year' for /ui folder. Exceptions are HTML files and loader (set to immediate expiration). Possible issues: * Images are cached but not requested with version param. * Images with version and without are considered different * -> We would have to attach version to all URIs - in CSS and in JS. But we should avoid changing jQuery UI CSS. * Proposed solution is to change image name when changing image. Image change is done rarely. * Version is set by build and therefore updated just on server update. It might cause trouble with different update schedule of plugins. * No action taken to address this issue yet. * We might leave it on plugin devs (own .conf in /etc/httpd/conf.d/) * or set expires to now for all plugins * running `make version-update` is required in order to use static version of UI for testing https://fedorahosted.org/freeipa/ticket/3798
2013-08-29 08:19:02 -05:00
})();
Configuration pages changed to use new FF extension browserconfig.html was changed to use new FF extension. The page is completely Firefox specific therefore the title was changed from 'Configure browser' to 'Firefox configuration'. Instruction to import CA cert in unauthorized.html are FF specific too, so they were moved to browserconfig.html. Unauthorized.html text was changed to distinguish FF config and other browsers. Now the page shows link for FF (browserconfig.html) and other browsers (ssbrowser.html). Ssbrowser.html should be enhanced by more configurations and browsers later [1]. Old configuration method was moved to ssbrowser.html. Unauthorized dialog in Web UI now links to http://../unauthorized.html instead of https. This change is done because of FF strange handling of extension installations from https sites [2]. Firefox allows ext. installation from https sites only when the certificate is signed by some build-in CA. To allow custom CAs an option in about:config has to be changed which don't help us at all because we wants to avoid manual changes in about:config. The design of browserconfig is inspired by Kyle Baker's design (2.1 Enhancements_v2.odt). It is not exactly the same. Highlighting of the steps wasn't used because in some cases we can switch some steps. Ticket: https://fedorahosted.org/freeipa/ticket/3094 [1] https://fedorahosted.org/freeipa/ticket/823 [2] https://bugzilla.mozilla.org/show_bug.cgi?id=688383
2012-10-01 10:36:42 -05:00
</script>
Load updated Web UI files after server upgrade Issue: * There was no caching policy specified. * -> Browsers use their own default policy. * -> After upgrade, some Web UI files might have been actualized some not. * -> With schema change may result into weird bugs in Web UI Solution considerations: 1. Detect server version change and hard-reload at runtime Detection is easy. Problem is the reload. Obvious candidate 'window.location.reload(true)' works in Firefox but not in Chrome because expected behavior when parameter is used is not in standard and therefore Chromium/WebKit authors did not implement it. 2. Application Cache HTML 5 technology which lets web apps to run offline. Besides weird issues with event handlers which I encountered, this would be an ideal candidate. Simple change of manifest file would lead to reload of all files (requires reload of page to used the new files). Showstopper was usage with untrusted certificate. If user did not add exception for the cert or its CA and would visit the page for a second time, all AJAX calls would fail. 3. Set Expires to now() for everything Web UI rarely changes so this is an overkill. Setting it to different value is not a solution either. We can't predict when the upgrade will happen and when new Web UI will be needed. Solution: * Implemented a mini loader which loads basic resources. Dojo loader takes action after Dojo is loaded. * The loader adds a version parameter (?v=__NUM_VERSION__) to all requests. * Version is defined in the loader. It's set to current in `make version-update`. * All static pages use this loader to fetch their resources. * Version is also passed to dojo loader as cache-bust for the same effect. * Expire header was set to 'access time plus 1 year' for /ui folder. Exceptions are HTML files and loader (set to immediate expiration). Possible issues: * Images are cached but not requested with version param. * Images with version and without are considered different * -> We would have to attach version to all URIs - in CSS and in JS. But we should avoid changing jQuery UI CSS. * Proposed solution is to change image name when changing image. Image change is done rarely. * Version is set by build and therefore updated just on server update. It might cause trouble with different update schedule of plugins. * No action taken to address this issue yet. * We might leave it on plugin devs (own .conf in /etc/httpd/conf.d/) * or set expires to now for all plugins * running `make version-update` is required in order to use static version of UI for testing https://fedorahosted.org/freeipa/ticket/3798
2013-08-29 08:19:02 -05:00
Main UI, migration, and html Style updates
2011-01-20 14:39:59 -06:00
</head>
Show (hopefully) useful information if the Kerberos connection fails.
2007-09-24 14:20:34 -05:00
Fixed: Duplicate CSS definitions https://fedorahosted.org/freeipa/ticket/1565 The ipa.css, ipa_error.css and ipa_migration.css contain some duplicate definitions which cause maintenance problems. Additional changes: * fixed whitespaces in ipa.css * unified headings in config pages
2011-10-11 02:42:35 -05:00
<body class="info-page">
Fixed links to images in config and migration pages https://fedorahosted.org/freeipa/ticket/1932 Description of problem: Title is missing while configuring browser for the first time. Actual results: There is no title on this screen. I noticed it only on step 8 and later so I am not sure if title is also missing earlier at step 6 or not. Expected results: Title "Identity Management" is always present. Fixed: * modified paths to images * fixed padding in ssbrowser.html * moved browser icons to ui folder * deleted unused images in html and migration folders (they are already in ui folder, and weren't deployed) whitespaces
2011-10-06 07:30:26 -05:00
webui: apply PatternFly theme on config pages https://fedorahosted.org/freeipa/ticket/4278 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
2014-03-31 07:03:28 -05:00
<nav class="navbar navbar-default navbar-pf" role="navigation">
<div class="navbar-header">
<a class="brand" href="../ui/index.html"><img src="../ui/images/header-logo.png" alt="FreeIPA"></a>
</div>
</nav>
Fixed links to images in config and migration pages https://fedorahosted.org/freeipa/ticket/1932 Description of problem: Title is missing while configuring browser for the first time. Actual results: There is no title on this screen. I noticed it only on step 8 and later so I am not sure if title is also missing earlier at step 6 or not. Expected results: Title "Identity Management" is always present. Fixed: * modified paths to images * fixed padding in ssbrowser.html * moved browser icons to ui folder * deleted unused images in html and migration folders (they are already in ui folder, and weren't deployed) whitespaces
2011-10-06 07:30:26 -05:00
webui: apply PatternFly theme on config pages https://fedorahosted.org/freeipa/ticket/4278 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
2014-03-31 07:03:28 -05:00
<div class="container-fluid">
<div class="row">
<div class="col-sm-12">
Fix translation of "ssbrowser.html" Web page Make this page message translatable as other parts of IPA framework. Fixes: https://pagure.io/freeipa/issue/7640 Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-07-12 15:19:04 -05:00
<div class="ssbrowser" id="ssbrowser-msg">
<noscript>
webui: apply PatternFly theme on config pages https://fedorahosted.org/freeipa/ticket/4278 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
2014-03-31 07:03:28 -05:00
<h1>Browser Kerberos Setup</h1>
Fixed links to images in config and migration pages https://fedorahosted.org/freeipa/ticket/1932 Description of problem: Title is missing while configuring browser for the first time. Actual results: There is no title on this screen. I noticed it only on step 8 and later so I am not sure if title is also missing earlier at step 6 or not. Expected results: Title "Identity Management" is always present. Fixed: * modified paths to images * fixed padding in ssbrowser.html * moved browser icons to ui folder * deleted unused images in html and migration folders (they are already in ui folder, and weren't deployed) whitespaces
2011-10-06 07:30:26 -05:00
webui: add Kerberos configuration instructions for Chrome * IE section moved at the end * Chrome section added * FF and IE icons removed https://fedorahosted.org/freeipa/ticket/823 Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-07-17 08:57:30 -05:00
<h2>Firefox</h2>
Fixed links to images in config and migration pages https://fedorahosted.org/freeipa/ticket/1932 Description of problem: Title is missing while configuring browser for the first time. Actual results: There is no title on this screen. I noticed it only on step 8 and later so I am not sure if title is also missing earlier at step 6 or not. Expected results: Title "Identity Management" is always present. Fixed: * modified paths to images * fixed padding in ssbrowser.html * moved browser icons to ui folder * deleted unused images in html and migration folders (they are already in ui folder, and weren't deployed) whitespaces
2011-10-06 07:30:26 -05:00
webui: apply PatternFly theme on config pages https://fedorahosted.org/freeipa/ticket/4278 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
2014-03-31 07:03:28 -05:00
<p>
You can configure Firefox to use Kerberos for Single Sign-on. The following instructions will guide you in configuring your web browser to send your Kerberos credentials to the appropriate Key Distribution Center which enables Single Sign-on.
</p>
Fixed links to images in config and migration pages https://fedorahosted.org/freeipa/ticket/1932 Description of problem: Title is missing while configuring browser for the first time. Actual results: There is no title on this screen. I noticed it only on step 8 and later so I am not sure if title is also missing earlier at step 6 or not. Expected results: Title "Identity Management" is always present. Fixed: * modified paths to images * fixed padding in ssbrowser.html * moved browser icons to ui folder * deleted unused images in html and migration folders (they are already in ui folder, and weren't deployed) whitespaces
2011-10-06 07:30:26 -05:00
webui: apply PatternFly theme on config pages https://fedorahosted.org/freeipa/ticket/4278 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
2014-03-31 07:03:28 -05:00
<ol>
Drop configure.jar Configure.jar used to be used with firefox version < 10 which is not supported anymore, thus this can be removed. https://fedorahosted.org/freeipa/ticket/5144 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2015-10-27 09:36:55 -05:00
<li>
browser config: cleanup after removal of Firefox extension Firefox extension which served for configuring Kerberos auth in Firefox until version which banned self-signed extensions was removed in commit 6c53765ac1746ea3cb82554775a37fe43af062e8. Given that configure.jar, even older Firefox config tool, was removed sometime before that, there is no use for signtool tool. It is good because it is removed from Fedora 27 anyway. So removing last unused function which calls it. The removal of FF extension was not exactly clean so removing also browserconfig.html which only purpose was to use the extension. Therefore also related JS files are removed. This removal requires unauthorized.html to be updated so that it doesn't point to non-existing page. And given that it now points only to single config page, we can change link in UI login page to this page (ssbrowser.html). While at it, improving buttons in ssbrowser.html. Btw, commit 6c53765ac1746ea3cb82554775a37fe43af062e8 removed also generation of krb.js. It had one perk - with that info ssbrowser.html could display real Kerberos domain instead of only 'example.com'. I don't have time to revert this change so removing traces of krb.js as well. https://pagure.io/freeipa/issue/7135 Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2017-09-01 14:50:44 -05:00
<p>
<a href="ca.crt" id="ca-link" class="btn btn-default">Import Certificate Authority certificate</a>
</p>
<p>
Make sure you select <b>all three</b> checkboxes.
</p>
Drop configure.jar Configure.jar used to be used with firefox version < 10 which is not supported anymore, thus this can be removed. https://fedorahosted.org/freeipa/ticket/5144 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2015-10-27 09:36:55 -05:00
</li>
webui: apply PatternFly theme on config pages https://fedorahosted.org/freeipa/ticket/4278 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
2014-03-31 07:03:28 -05:00
<li>
In the address bar of Firefox, type <code>about:config</code> to display the list of current configuration options.
</li>
<li>
In the Filter field, type <code>negotiate</code> to restrict the list of options.
</li>
<li>
Double-click the <code>network.negotiate-auth.trusted-uris</code> entry to display the Enter string value dialog box.
</li>
<li>
Don't fully quality the FQDN in ssbrowser.html for Chrome The trailing dot causes it to not function as expected, remove it from the example. https://pagure.io/freeipa/issue/8201 Reviewed-By: Christian Heimes <cheimes@redhat.com>
2020-02-17 14:10:46 -06:00
Enter the name of the domain against which you want to authenticate, for example, <code class="example-domain">.example.com</code>.
webui: apply PatternFly theme on config pages https://fedorahosted.org/freeipa/ticket/4278 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
2014-03-31 07:03:28 -05:00
</li>
browser config: cleanup after removal of Firefox extension Firefox extension which served for configuring Kerberos auth in Firefox until version which banned self-signed extensions was removed in commit 6c53765ac1746ea3cb82554775a37fe43af062e8. Given that configure.jar, even older Firefox config tool, was removed sometime before that, there is no use for signtool tool. It is good because it is removed from Fedora 27 anyway. So removing last unused function which calls it. The removal of FF extension was not exactly clean so removing also browserconfig.html which only purpose was to use the extension. Therefore also related JS files are removed. This removal requires unauthorized.html to be updated so that it doesn't point to non-existing page. And given that it now points only to single config page, we can change link in UI login page to this page (ssbrowser.html). While at it, improving buttons in ssbrowser.html. Btw, commit 6c53765ac1746ea3cb82554775a37fe43af062e8 removed also generation of krb.js. It had one perk - with that info ssbrowser.html could display real Kerberos domain instead of only 'example.com'. I don't have time to revert this change so removing traces of krb.js as well. https://pagure.io/freeipa/issue/7135 Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2017-09-01 14:50:44 -05:00
<li><a href="../ui/index.html" id="return-link" class="btn btn-default">Return to Web UI</a></li>
webui: apply PatternFly theme on config pages https://fedorahosted.org/freeipa/ticket/4278 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
2014-03-31 07:03:28 -05:00
</ol>
Fixed links to images in config and migration pages https://fedorahosted.org/freeipa/ticket/1932 Description of problem: Title is missing while configuring browser for the first time. Actual results: There is no title on this screen. I noticed it only on step 8 and later so I am not sure if title is also missing earlier at step 6 or not. Expected results: Title "Identity Management" is always present. Fixed: * modified paths to images * fixed padding in ssbrowser.html * moved browser icons to ui folder * deleted unused images in html and migration folders (they are already in ui folder, and weren't deployed) whitespaces
2011-10-06 07:30:26 -05:00
webui: add Kerberos configuration instructions for Chrome * IE section moved at the end * Chrome section added * FF and IE icons removed https://fedorahosted.org/freeipa/ticket/823 Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-07-17 08:57:30 -05:00
<h2>Chrome</h2>
<p>
You can configure Chrome to use Kerberos for Single Sign-on. The following instructions will guide you in configuring your web browser to send your Kerberos credentials to the appropriate Key Distribution Center which enables Single Sign-on.
</p>
<h3>Import CA Certificate</h3>
<ol>
<li>
Download the <a href="ca.crt">CA certificate</a>. Alternatively, if the host is also an IdM client, you can find the certificate in /etc/ipa/ca.crt.
</li>
<li>
Click the menu button with the <em>Customize and control Google Chrome</em> tooltip, which is by default in the top right-hand corner of Chrome, and click <em>Settings</em>.
</li>
<li>
Click <em>Show advanced settings</em> to display more options, and then click the <em>Manage certificates</em> button located under the HTTPS/SSL heading.
</li>
<li>
In the <em>Authorities</em> tab, click the <em>Import</em> button at the bottom.
</li>
<li>Select the CA certificate file that you downloaded in the first step.</li>
</ol>
<h3>
Enable SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism) to Use Kerberos Authentication
in Chrome
</h3>
<ol>
<li>
Make sure you have the necessary directory created by running:
<div><code>
[root@client]# mkdir -p /etc/opt/chrome/policies/managed/
</code></div>
</li>
<li>
Create a new <code>/etc/opt/chrome/policies/managed/mydomain.json</code> file with write privileges limited to the system administrator or root, and include the following line:
<div><code>
Don't fully quality the FQDN in ssbrowser.html for Chrome The trailing dot causes it to not function as expected, remove it from the example. https://pagure.io/freeipa/issue/8201 Reviewed-By: Christian Heimes <cheimes@redhat.com>
2020-02-17 14:10:46 -06:00
{ "AuthServerWhitelist": "*<span class="example-domain">.example.com</span>" }
webui: add Kerberos configuration instructions for Chrome * IE section moved at the end * Chrome section added * FF and IE icons removed https://fedorahosted.org/freeipa/ticket/823 Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-07-17 08:57:30 -05:00
</code></div>
<div>
You can do this by running:
</div>
<div><code>
Don't fully quality the FQDN in ssbrowser.html for Chrome The trailing dot causes it to not function as expected, remove it from the example. https://pagure.io/freeipa/issue/8201 Reviewed-By: Christian Heimes <cheimes@redhat.com>
2020-02-17 14:10:46 -06:00
[root@server]# echo '{ "AuthServerWhitelist": "*<span class="example-domain">.example.com</span>" }' > /etc/opt/chrome/policies/managed/mydomain.json
webui: add Kerberos configuration instructions for Chrome * IE section moved at the end * Chrome section added * FF and IE icons removed https://fedorahosted.org/freeipa/ticket/823 Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-07-17 08:57:30 -05:00
</code></div>
</li>
</ol>
Add Chromium configuration note to ssbrowser - As Chromium and Chrome share most of the same code base but are configured in different locations, add a note showing the different configuration locations. A part of https://fedorahosted.org/freeipa/ticket/823 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2015-07-29 08:38:15 -05:00
<ol>
<p>
<strong>Note:</strong> If using Chromium, use <code>/etc/chromium/policies/managed/</code> instead of <code>/etc/opt/chrome/policies/managed/</code> for the two SPNEGO Chrome configuration steps above.
</p>
</ol>
webui: add Kerberos configuration instructions for Chrome * IE section moved at the end * Chrome section added * FF and IE icons removed https://fedorahosted.org/freeipa/ticket/823 Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-07-17 08:57:30 -05:00
<h2>Internet Explorer</h2>
Added warning to user for Internet Explorer As Internet Explorer is not a supported browser anymore, browser Kerberos configuration page shows warning to user about the same. Fixes : https://fedorahosted.org/freeipa/ticket/5656 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> Reviewed-By: Pavel Vomacka <pvomacka@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2016-04-25 05:53:33 -05:00
<p><strong>WARNING:</strong> Internet Explorer is no longer a supported browser.</p>
webui: add Kerberos configuration instructions for Chrome * IE section moved at the end * Chrome section added * FF and IE icons removed https://fedorahosted.org/freeipa/ticket/823 Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-07-17 08:57:30 -05:00
<p>
Once you are able to log into the workstation with your kerberos key you are now able to use that ticket in Internet Explorer.
</p>
<p>
Address more 'to login' Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
2017-11-21 02:15:07 -06:00
<strong>Log into the Windows machine using an account of your Kerberos realm (administrative domain)</strong>
webui: add Kerberos configuration instructions for Chrome * IE section moved at the end * Chrome section added * FF and IE icons removed https://fedorahosted.org/freeipa/ticket/823 Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-07-17 08:57:30 -05:00
</p>
<p>
<strong>In Internet Explorer, click Tools, and then click Internet Options.</strong>
</p>
<div>
<ol>
<li>Click the Security tab</li>
<li>Click Local intranet</li>
<li>Click Sites </li>
<li>Click Advanced </li>
<li>Add your domain to the list</li>
</ol>
<ol>
<li>Click the Security tab</li>
<li>Click Local intranet</li>
<li>Click Custom Level</li>
<li>Select Automatic logon only in Intranet zone</li>
</ol>
<ol>
<li> Visit a kerberized web site using IE (You must use the fully-qualified Domain Name in the URL)</li>
<li><strong> You are all set.</strong></li>
</ol>
</div>
Fix translation of "ssbrowser.html" Web page Make this page message translatable as other parts of IPA framework. Fixes: https://pagure.io/freeipa/issue/7640 Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
2018-07-12 15:19:04 -05:00
</noscript>
webui: apply PatternFly theme on config pages https://fedorahosted.org/freeipa/ticket/4278 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
2014-03-31 07:03:28 -05:00
</div>
</div>
</div>
</div>
Show (hopefully) useful information if the Kerberos connection fails.
2007-09-24 14:20:34 -05:00
</body>
Main UI, migration, and html Style updates
2011-01-20 14:39:59 -06:00
Show (hopefully) useful information if the Kerberos connection fails.
2007-09-24 14:20:34 -05:00
</html>
Main UI, migration, and html Style updates
2011-01-20 14:39:59 -06:00
Reference in New Issue Copy Permalink