freeipa

Clone
Source Code
GIT

109cd57 fix canonicalization issue in Web UI

2 files Authored by abbra 2 years ago, Committed by frenaud 2 years ago,
raw patch tree parent
2 files changed. 8 lines added. 1 lines removed.
install/ui/src/freeipa/ipa.js
file modified
+7 -1
ipaserver/rpcserver.py
file modified
+1 -0 
    fix canonicalization issue in Web UI
    
    When Kerberos principal alias is used to login to a Web UI, we end up
    with a request that is authenticated by a ticket issued in the alias
    name but metadata processed for the canonical user name. This confuses
    RPC layer of Web UI code and causes infinite loop to reload the page.
    
    Fix it by doing two things:
    
     - force use of canonicalization of an enterprise principal on server
       side, not just specifying that the principal is an enterprise one;
    
     - recognize that a principal in the whoami()-returned object can have
       aliases and the principal returned by the server in the JSON response
       may be one of those aliases.
    
    Fixes: https://pagure.io/freeipa/issue/9226
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Armando Neto <abiagion@redhat.com>
file modified
+7 -1
file modified
+1 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.