Marek Hulan made me aware we could optimize auth roundtrips when performing authentication.
The trick is to return the Form for authentication together with the negotiate headers. If the browser has creedntials it will simply continue negotiation, otherwise it will show the form immediately w/o needing a redirect.
This can be done by embedding the content of the form in the 401 error. In apahce this is done by suing the ErrorDocument directive.
Is this ticket based on some inefficient behavior or is it just a general recommendation?
If I understand it correctly it's only related to accessing FreeIPA's API. Consumers of the API are:
CLI and third party apps are not relevant because they don't care about the form. The remaining is Web UI but it doesn't care either because it's all done on a single page by using AJAX calls, subsequent login form is created by JS so there is no redirection.
Am I missing something?
3.4 development was shifted for one month, moving tickets to reflect reality better.
Adjusting time plan - 3.4 development was postponed as we focused on 3.3.x testing and stabilization.
Deferring, explanation in comment 1.
Metadata Update from @simo: - Issue assigned to someone - Issue set to the milestone: Tickets Deferred
Thank you taking time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.
Metadata Update from @rcritten: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.