In order to simplify the build process between upstream FreeIPA
and downstream builds (such as CentOS Stream) we are changing
some file references from FreeIPA to IPA (and Identity Management).
https://pagure.io/freeipa/issue/8669
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
The trailing dot causes it to not function as expected, remove
it from the example.
https://pagure.io/freeipa/issue/8201
Reviewed-By: Christian Heimes <cheimes@redhat.com>
As for now 'ssbrowser.html' and 'unauthorized.html' pages are
loaded without JS error at development mode only.
There is no standalone 'freeipa/text' module as source at
production mode. Thus 'core' one have to be loaded first and
then 'text'.
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
Make this page message translatable as other parts of IPA framework.
Fixes: https://pagure.io/freeipa/issue/7640
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
Make this page message translatable as other parts of IPA framework.
Fixes: https://pagure.io/freeipa/issue/7640
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Serhii Tsymbaliuk <stsymbal@redhat.com>
Firefox extension which served for configuring Kerberos auth in Firefox
until version which banned self-signed extensions was removed in commit
6c53765ac1.
Given that configure.jar, even older Firefox config tool, was removed
sometime before that, there is no use for signtool tool. It is good
because it is removed from Fedora 27 anyway. So removing last unused
function which calls it.
The removal of FF extension was not exactly clean so removing also
browserconfig.html which only purpose was to use the extension. Therefore
also related JS files are removed. This removal requires unauthorized.html
to be updated so that it doesn't point to non-existing page. And given that
it now points only to single config page, we can change link in UI login page
to this page (ssbrowser.html). While at it, improving buttons in ssbrowser.html.
Btw, commit 6c53765ac1 removed also generation of
krb.js. It had one perk - with that info ssbrowser.html could display real
Kerberos domain instead of only 'example.com'. I don't have time to revert this
change so removing traces of krb.js as well.
https://pagure.io/freeipa/issue/7135
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Automake manual section 13 What Gets Cleaned says that make maintainer-clean
should not remove files necessary for subsequent runs of ./configure.
It practically means that all usage of MAINTAINERCLEANFILES were incorrect
so I've removed them.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
As Internet Explorer is not a supported browser anymore, browser Kerberos
configuration page shows warning to user about the same.
Fixes : https://fedorahosted.org/freeipa/ticket/5656
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Configure.jar used to be used with firefox version < 10 which is not
supported anymore, thus this can be removed.
https://fedorahosted.org/freeipa/ticket/5144
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
The intended course of action is to show manual configuration in
browserconfig.html instead of configuration with the extension
for versions of Firefox >= 40.
The reasoning is:
* plan for enterprise environments was not published yet which
forces as to use AMO (addons.mozilla.org)
* with AMO the user experience is worse than a manual configuration
steps for AMO:
* go to AMO page
* installed the extension
* go back to IPA page
* probably refresh
* click configure
* confirm
manual config:
* go to about:config
* set network.negotiate-auth.trusted-uris with *domain.name
https://fedorahosted.org/freeipa/ticket/4906
Reviewed-By: Martin Basti <mbasti@redhat.com>
- As Chromium and Chrome share most of the same code base but are
configured in different locations, add a note showing the different
configuration locations.
A part of https://fedorahosted.org/freeipa/ticket/823
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Issue:
* There was no caching policy specified.
* -> Browsers use their own default policy.
* -> After upgrade, some Web UI files might have been actualized some not.
* -> With schema change may result into weird bugs in Web UI
Solution considerations:
1. Detect server version change and hard-reload at runtime
Detection is easy. Problem is the reload. Obvious candidate 'window.location.reload(true)' works in Firefox but not in Chrome because expected behavior when parameter is used is not in standard and therefore Chromium/WebKit authors did not implement it.
2. Application Cache
HTML 5 technology which lets web apps to run offline. Besides weird issues with event handlers which I encountered, this would be an ideal candidate. Simple change of manifest file would lead to reload of all files (requires reload of page to used the new files).
Showstopper was usage with untrusted certificate. If user did not add exception for the cert or its CA and would visit the page for a second time, all AJAX calls would fail.
3. Set Expires to now() for everything
Web UI rarely changes so this is an overkill. Setting it to different value is not a solution either. We can't predict when the upgrade will happen and when new Web UI will be needed.
Solution:
* Implemented a mini loader which loads basic resources. Dojo loader takes action after Dojo is loaded.
* The loader adds a version parameter (?v=__NUM_VERSION__) to all requests.
* Version is defined in the loader. It's set to current in `make version-update`.
* All static pages use this loader to fetch their resources.
* Version is also passed to dojo loader as cache-bust for the same effect.
* Expire header was set to 'access time plus 1 year' for /ui folder. Exceptions are HTML files and loader (set to immediate expiration).
Possible issues:
* Images are cached but not requested with version param.
* Images with version and without are considered different
* -> We would have to attach version to all URIs - in CSS and in JS. But we should avoid changing jQuery UI CSS.
* Proposed solution is to change image name when changing image. Image change is done rarely.
* Version is set by build and therefore updated just on server update. It might cause trouble with different update schedule of plugins.
* No action taken to address this issue yet.
* We might leave it on plugin devs (own .conf in /etc/httpd/conf.d/)
* or set expires to now for all plugins
* running `make version-update` is required in order to use static version of UI for testing
https://fedorahosted.org/freeipa/ticket/3798
Manual configuration page for other browsers (ssbrowser.html) doesn't work in IE 10 - error page is displayed.
This patch is conditioning creation of Firefox configuration object so that configure.jar is requested only in Firefox. IE doesn't request it and so it does not fail.
https://fedorahosted.org/freeipa/ticket/3645
Third party JS libraries which are not AMD modules were moved to src/libs/
directory. Links in html files were changed accordingly.
https://fedorahosted.org/freeipa/ticket/112
browserconfig.html was changed to use new FF extension. The page is completely Firefox specific therefore the title was changed from 'Configure browser' to 'Firefox configuration'. Instruction to import CA cert in unauthorized.html are FF specific too, so they were moved to browserconfig.html. Unauthorized.html text was changed to distinguish FF config and other browsers. Now the page shows link for FF (browserconfig.html) and other browsers (ssbrowser.html). Ssbrowser.html should be enhanced by more configurations and browsers later [1].
Old configuration method was moved to ssbrowser.html.
Unauthorized dialog in Web UI now links to http://../unauthorized.html instead of https. This change is done because of FF strange handling of extension installations from https sites [2]. Firefox allows ext. installation from https sites only when the certificate is signed by some build-in CA. To allow custom CAs an option in about:config has to be changed which don't help us at all because we wants to avoid manual changes in about:config.
The design of browserconfig is inspired by Kyle Baker's design (2.1 Enhancements_v2.odt). It is not exactly the same. Highlighting of the steps wasn't used because in some cases we can switch some steps.
Ticket: https://fedorahosted.org/freeipa/ticket/3094
[1] https://fedorahosted.org/freeipa/ticket/823
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=688383
https://fedorahosted.org/freeipa/ticket/1565
The ipa.css, ipa_error.css and ipa_migration.css contain some duplicate definitions which cause maintenance problems.
Additional changes:
* fixed whitespaces in ipa.css
* unified headings in config pages
https://fedorahosted.org/freeipa/ticket/1932
Description of problem:
Title is missing while configuring browser for the first time.
Actual results:
There is no title on this screen. I noticed it only on step 8 and later so I am not sure if title is also missing earlier at step 6 or not.
Expected results:
Title "Identity Management" is always present.
Fixed:
* modified paths to images
* fixed padding in ssbrowser.html
* moved browser icons to ui folder
* deleted unused images in html and migration folders (they are already in ui folder, and weren't deployed)
whitespaces
shows dialog if there are any HBAC deny rules. Dialog provides option to navigate to the HBAC page. Deny rules have their rule type value show up in red.
Only shows up fro administrators, not for self service users.
https://fedorahosted.org/freeipa/ticket/1421
I have only tested the all, rpms and *clean targets directly.
install may work but the rpm moves a lot of things around for us.
The Apache configuration file isn't in its final state but it works
with the new mod_python configuration.