IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
696fce5c8d4e480c6a731686c8952a4e7ace575f
freeipa/install/html/ssbrowser.html
Petr Vobornik 696fce5c8d Configuration pages changed to use new FF extension 
browserconfig.html was changed to use new FF extension. The page is completely Firefox specific therefore the title was changed from 'Configure browser' to 'Firefox configuration'. Instruction to import CA cert in unauthorized.html are FF specific too, so they were moved to browserconfig.html. Unauthorized.html text was changed to distinguish FF config and other browsers. Now the page shows link for FF (browserconfig.html) and other browsers (ssbrowser.html). Ssbrowser.html should be enhanced by more configurations and browsers later [1].

Old configuration method was moved to ssbrowser.html.

Unauthorized dialog in Web UI now links to http://../unauthorized.html instead of https. This change is done because of FF strange handling of extension installations from https sites [2]. Firefox allows ext. installation from https sites only when the certificate is signed by some build-in CA. To allow custom CAs an option in about:config has to be changed which don't help us at all because we wants to avoid manual changes in about:config.

The design of browserconfig is inspired by Kyle Baker's design (2.1 Enhancements_v2.odt). It is not exactly the same. Highlighting of the steps wasn't used because in some cases we can switch some steps.

Ticket: https://fedorahosted.org/freeipa/ticket/3094

[1] https://fedorahosted.org/freeipa/ticket/823
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=688383
2012-10-04 18:08:26 -04:00

87 lines
4.0 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>IPA: Identity Policy Audit</title>
<link rel="stylesheet" type="text/css" href="../ui/jquery-ui.css" />
<link rel="stylesheet" type="text/css" href="../ui/ipa.css" />
<link rel="stylesheet" type="text/css" href="ipa_error.css" />
<script type="text/javascript" src="../ui/jquery.js"></script>
<script type="text/javascript" src="krb.js"></script>
<script type="text/javascript">
$(document).ready(function() {
var domain = '.' + (IPA_DOMAIN || 'example.com');
$('.example-domain').text(domain);
if ($.browser.mozilla) {
$("#configurefirefox").show();
}
});
</script>
</head>
<body class="info-page">
<div class="container_1 ssbrowser">
<div class="header-logo">
<img src="../ui/images/ipa-logo.png" /><img src="../ui/images/ipa-banner.png" />
</div>
<div class="textblockkrb">
<h1>Browser Kerberos Setup</h1>
<img alt="Internet Explorer" src="../ui/images/ie-icon.png"><h2>Internet Explorer Configuration</h2>
<p>Once you are able to log into the workstation with your kerberos key you are now able to use that ticket in Internet Explorer. </p>
<strong>Login to the Windows machine using an account of your Kerberos realm (administrative domain)</strong><br>
<strong>In Internet Explorer, click Tools, and then click Internet Options.</strong>
<br>
<ul>
<li> 1. Click the Security tab </li>
<li> 2. Click Local intranet </li>
<li> 3. Click Sites </li>
<li> 4. Click Advanced </li>
<li> 5. Add your domain to the list </li>
<br>
<li> 1. Click the Security tab </li>
<li> 2. Click Local intranet </li>
<li> 3. Click Custom Level </li>
<li> 4. Select Automatic logon only in Intranet zone </li>
<br>
<li> Visit a kerberized web site using IE (You must use the fully-qualified Domain Name in the URL)</li>
<li><strong> You are all set. </strong></li>
</ul>
<br>
<img alt="Firefox" src="../ui/images/firefox-icon.png"><h2>Firefox Configuration</h2>
<p>You can configure Firefox to use Kerberos for Single Sign-on. The following instructions will guide you in configuring your web browser <br>
to send your Kerberos credentials to the appropriate Key Distribution Center which enables Single Sign-on. </p>
<ul><li> 1. In the address bar of Firefox, type <tt>about:config</tt> to display the list of current configuration options.</li>
<li> 2. In the Filter field, type <tt>negotiate</tt> to restrict the list of options. </li>
<li> 3. Double-click the <tt>network.negotiate-auth.trusted-uris</tt> entry to display the Enter string value dialog box. </li>
<li> 4. Enter the name of the domain against which you want to authenticate, for example, <tt class="example-domain">.example.com.</tt> </li>
<li> 5. Optional: Repeat the above procedure for the <tt>network.negotiate-auth.delegation-uris</tt> entry, using the same domain. </li>
<br>
<li><strong> You are all set. </strong></li>
</ul>
<h3><a name="oldfirefox"></a> Automatic Configuration of older versions</h3>
<p>You can configure older versions of Firefox (up to version 14) using signed code. Use <a href="browserconfig.html">Firefox configuration page</a> for newer versions.</p>
<ul>
<li>1. Import <a href="ca.crt">CA certificate</a>. Make sure you checked all three checkboxes.</li>
<li>2. Click on "Configure Browser" button below.</li>
<li id="configurefirefox" style="display:none"><object data="jar:/ipa/errors/configure.jar!/preferences.html"
type="text/html" class="browser-config"></object></li>
</ul>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink