#5036 browserconfig.html and ssbrowser.html should be made accessible without kerberos ticket
Opened 8 years ago by ofayans. Modified 5 years ago

When I access the /ipa/json relative url of freeipa master with a browser that was not configured to use kerberos, it shows an error "Unable to verify your Kerberos credentials" and displays two links for browser configuration instructions - for Firefox and other browsers. However, when I click on them, I get redirected to the same error page instead of being shown the configuration instructions. Obviously the instruction pages use the same access restrictions as all other resources, i.e. they demand a valid krb ticket, which has no sense.


The issue is slightly different:

If somebody accessed protect url, he gets and error page. This page the same for each protect url. The page contains relative urls which are used in links to different pages, image sources or links to CSS files.

Primary location of this page is:
http://ipa.exampl.com/ipa/config/unauthorized.html

On other location, like ipa/json, the links might be broken

Fix should be:
provide error page with correct paths to resources.

Metadata Update from @ofayans:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5 backlog

7 years ago

The original screenshot is gone so I don't know if I've reproduced this exactly but there is still something wrong if you go to /ipa/json in a browser.

Screenshot_20190109_135617.png

Metadata Update from @rcritten:
- Issue close_status updated to: None

5 years ago

Login to comment on this ticket.

Metadata
Attachments 2