When I access the /ipa/json relative url of freeipa master with a browser that was not configured to use kerberos, it shows an error "Unable to verify your Kerberos credentials" and displays two links for browser configuration instructions - for Firefox and other browsers. However, when I click on them, I get redirected to the same error page instead of being shown the configuration instructions. Obviously the instruction pages use the same access restrictions as all other resources, i.e. they demand a valid krb ticket, which has no sense.
attachment <img alt="browser_config_pages.jpeg" src="/freeipa/freeipa/issue/raw/files/6a0db002b841ac47600017979606ab85407c77eabbc0a7e8323bd8a8a6fc8df9-browser_config_pages.jpeg" />
The issue is slightly different:
If somebody accessed protect url, he gets and error page. This page the same for each protect url. The page contains relative urls which are used in links to different pages, image sources or links to CSS files.
Primary location of this page is: http://ipa.exampl.com/ipa/config/unauthorized.html
On other location, like ipa/json, the links might be broken
Fix should be: provide error page with correct paths to resources.
Metadata Update from @ofayans: - Issue assigned to someone - Issue set to the milestone: FreeIPA 4.5 backlog
The original screenshot is gone so I don't know if I've reproduced this exactly but there is still something wrong if you go to /ipa/json in a browser.
<img alt="Screenshot_20190109_135617.png" src="/freeipa/issue/raw/files/cd50b3a0bd28dbe694a7e5f5982a5b5957c9e27c72299b0093f0f9fd291d721f-Screenshot_20190109_135617.png" />
Metadata Update from @rcritten: - Issue close_status updated to: None
Login to comment on this ticket.