mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 07:33:27 -06:00
2ae316d430
When Kerberos principal alias is used to login to a Web UI, we end up with a request that is authenticated by a ticket issued in the alias name but metadata processed for the canonical user name. This confuses RPC layer of Web UI code and causes infinite loop to reload the page. Fix it by doing two things: - force use of canonicalization of an enterprise principal on server side, not just specifying that the principal is an enterprise one; - recognize that a principal in the whoami()-returned object can have aliases and the principal returned by the server in the JSON response may be one of those aliases. Fixes: https://pagure.io/freeipa/issue/9226 Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Armando Neto <abiagion@redhat.com> |
||
---|---|---|
.. | ||
advise | ||
custodia | ||
dnssec | ||
install | ||
plugins | ||
secrets | ||
__init__.py | ||
dcerpc_common.py | ||
dcerpc.py | ||
dns_data_management.py | ||
Makefile.am | ||
masters.py | ||
p11helper.py | ||
rpcserver.py | ||
servroles.py | ||
setup.cfg | ||
setup.py | ||
topology.py | ||
wsgi.py |