mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-13 09:41:55 -06:00
b4fc6f4ba8
Issue: * There was no caching policy specified. * -> Browsers use their own default policy. * -> After upgrade, some Web UI files might have been actualized some not. * -> With schema change may result into weird bugs in Web UI Solution considerations: 1. Detect server version change and hard-reload at runtime Detection is easy. Problem is the reload. Obvious candidate 'window.location.reload(true)' works in Firefox but not in Chrome because expected behavior when parameter is used is not in standard and therefore Chromium/WebKit authors did not implement it. 2. Application Cache HTML 5 technology which lets web apps to run offline. Besides weird issues with event handlers which I encountered, this would be an ideal candidate. Simple change of manifest file would lead to reload of all files (requires reload of page to used the new files). Showstopper was usage with untrusted certificate. If user did not add exception for the cert or its CA and would visit the page for a second time, all AJAX calls would fail. 3. Set Expires to now() for everything Web UI rarely changes so this is an overkill. Setting it to different value is not a solution either. We can't predict when the upgrade will happen and when new Web UI will be needed. Solution: * Implemented a mini loader which loads basic resources. Dojo loader takes action after Dojo is loaded. * The loader adds a version parameter (?v=__NUM_VERSION__) to all requests. * Version is defined in the loader. It's set to current in `make version-update`. * All static pages use this loader to fetch their resources. * Version is also passed to dojo loader as cache-bust for the same effect. * Expire header was set to 'access time plus 1 year' for /ui folder. Exceptions are HTML files and loader (set to immediate expiration). Possible issues: * Images are cached but not requested with version param. * Images with version and without are considered different * -> We would have to attach version to all URIs - in CSS and in JS. But we should avoid changing jQuery UI CSS. * Proposed solution is to change image name when changing image. Image change is done rarely. * Version is set by build and therefore updated just on server update. It might cause trouble with different update schedule of plugins. * No action taken to address this issue yet. * We might leave it on plugin devs (own .conf in /etc/httpd/conf.d/) * or set expires to now for all plugins * running `make version-update` is required in order to use static version of UI for testing https://fedorahosted.org/freeipa/ticket/3798
103 lines
4.3 KiB
HTML
103 lines
4.3 KiB
HTML
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<title>IPA: Identity Policy Audit</title>
|
|
<script type="text/javascript" src="../ui/js/libs/loader.js"></script>
|
|
<script type="text/javascript">
|
|
(function() {
|
|
function loaded() {
|
|
$(document).ready(function() {
|
|
var domain = '.' + (IPA_DOMAIN || 'example.com');
|
|
$('.example-domain').text(domain);
|
|
|
|
if ($.browser.mozilla) {
|
|
var ff_config = $("#configurefirefox");
|
|
var obj = $('<object/>', {
|
|
type: 'text/html',
|
|
'class': 'browser-config'
|
|
});
|
|
obj.prop('data', 'jar:/ipa/errors/configure.jar!/preferences.html');
|
|
obj.appendTo(ff_config);
|
|
ff_config.show();
|
|
}
|
|
});
|
|
}
|
|
|
|
var styles = [
|
|
'../ui/jquery-ui.css',
|
|
'../ui/ipa.css',
|
|
'ipa_error.css'
|
|
];
|
|
var scripts = [
|
|
'../ui/js/libs/jquery.js',
|
|
'krb.js'
|
|
];
|
|
ipa_loader.scripts(scripts, loaded);
|
|
ipa_loader.styles(styles);
|
|
})();
|
|
</script>
|
|
|
|
</head>
|
|
|
|
<body class="info-page">
|
|
|
|
<div class="container_1 ssbrowser">
|
|
<div class="header-logo">
|
|
<img src="../ui/images/ipa-logo.png" /><img src="../ui/images/ipa-banner.png" />
|
|
</div>
|
|
<div class="textblockkrb">
|
|
<h1>Browser Kerberos Setup</h1>
|
|
<img alt="Internet Explorer" src="../ui/images/ie-icon.png"><h2>Internet Explorer Configuration</h2>
|
|
<p>Once you are able to log into the workstation with your kerberos key you are now able to use that ticket in Internet Explorer. </p>
|
|
|
|
<strong>Login to the Windows machine using an account of your Kerberos realm (administrative domain)</strong><br>
|
|
<strong>In Internet Explorer, click Tools, and then click Internet Options.</strong>
|
|
<br>
|
|
<ul>
|
|
<li> 1. Click the Security tab </li>
|
|
<li> 2. Click Local intranet </li>
|
|
<li> 3. Click Sites </li>
|
|
<li> 4. Click Advanced </li>
|
|
<li> 5. Add your domain to the list </li>
|
|
<br>
|
|
<li> 1. Click the Security tab </li>
|
|
<li> 2. Click Local intranet </li>
|
|
<li> 3. Click Custom Level </li>
|
|
<li> 4. Select Automatic logon only in Intranet zone </li>
|
|
<br>
|
|
<li> Visit a kerberized web site using IE (You must use the fully-qualified Domain Name in the URL)</li>
|
|
<li><strong> You are all set. </strong></li>
|
|
</ul>
|
|
|
|
<br>
|
|
|
|
<img alt="Firefox" src="../ui/images/firefox-icon.png"><h2>Firefox Configuration</h2>
|
|
|
|
<p>You can configure Firefox to use Kerberos for Single Sign-on. The following instructions will guide you in configuring your web browser <br>
|
|
to send your Kerberos credentials to the appropriate Key Distribution Center which enables Single Sign-on. </p>
|
|
|
|
<ul><li> 1. In the address bar of Firefox, type <tt>about:config</tt> to display the list of current configuration options.</li>
|
|
<li> 2. In the Filter field, type <tt>negotiate</tt> to restrict the list of options. </li>
|
|
<li> 3. Double-click the <tt>network.negotiate-auth.trusted-uris</tt> entry to display the Enter string value dialog box. </li>
|
|
<li> 4. Enter the name of the domain against which you want to authenticate, for example, <tt class="example-domain">.example.com.</tt> </li>
|
|
<br>
|
|
<li><strong> You are all set. </strong></li>
|
|
</ul>
|
|
|
|
<h3><a name="oldfirefox"></a> Automatic Configuration of older versions</h3>
|
|
<p>You can configure older versions of Firefox (up to version 14) using signed code. Use <a href="browserconfig.html">Firefox configuration page</a> for newer versions.</p>
|
|
<ul>
|
|
<li>1. Import <a href="ca.crt">CA certificate</a>. Make sure you checked all three checkboxes.</li>
|
|
<li>2. Click on "Configure Browser" button below.</li>
|
|
<li id="configurefirefox" style="display:none"></li>
|
|
</ul>
|
|
</div>
|
|
|
|
</div>
|
|
|
|
</body>
|
|
|
|
</html>
|
|
|