From 60ed2dabd50580a9c442e975f2764fadb080d2e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= Date: Wed, 18 Nov 2020 14:58:11 +0100 Subject: [PATCH] Fix login_kerberos on the IPA API MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Aurélien Bompard --- roles/ipa/server/files/ipa-rewrite.conf | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/roles/ipa/server/files/ipa-rewrite.conf b/roles/ipa/server/files/ipa-rewrite.conf index 9c71d921c2..07f3876b27 100644 --- a/roles/ipa/server/files/ipa-rewrite.conf +++ b/roles/ipa/server/files/ipa-rewrite.conf @@ -21,8 +21,12 @@ RewriteEngine on # Rewrite for plugin index, make it like it's a static file RewriteRule ^/ipa/ui/js/freeipa/plugins.js$ /ipa/wsgi/plugins.py [PT] -# The following disables the annoying kerberos popup for browsers on windows -RewriteCond %{HTTP_COOKIE} !ipa_session -RewriteCond %{HTTP_REFERER} ^(.+)/ipa/ui/$ -RewriteRule ^/ipa/session/json$ - [R=401,L] -RedirectMatch 401 ^/ipa/session/login_kerberos +# The following lines break the python-freeipa library that Noggin and FASJSON +# use. Don't enable them until we have found another way to make windows +# browsers happy. +# Maybe something like: https://github.com/gssapi/mod_auth_gssapi#example-1 +# # The following disables the annoying kerberos popup for browsers on windows +# RewriteCond %{HTTP_COOKIE} !ipa_session +# RewriteCond %{HTTP_REFERER} ^(.+)/ipa/ui/$ +# RewriteRule ^/ipa/session/json$ - [R=401,L] +# RedirectMatch 401 ^/ipa/session/login_kerberos