mod_lookup_identity checks one URL parameter during login using certificate and tries to get the user name provided during login from this parameter. Name of the URL parameter has to be configured in apache. Without configuration mod_lookup_identity does not check the URL and therefore login using certificates does not work correctly when one certificate is mapped to more users.
Proposed changes: IPA webui adds 'username' as URL parameter. This parameter name should be set in IPA httpd conf by default.
Metadata Update from @pvoborni: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1441192
Issue linked to bug 1441192
Metadata Update from @pvomacka: - Issue assigned to dkupka
Metadata Update from @pvomacka: - Issue set to the milestone: FreeIPA 4.5.1
ipa-4-5:
a9721e5 WebUI: cert login: Configure name of parameter used to pass username master:
157831a WebUI: cert login: Configure name of parameter used to pass username
Metadata Update from @pvomacka: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Reopening, regression found: https://github.com/freeipa/freeipa/pull/779
Metadata Update from @mbasti: - Issue status updated to: Open (was: Closed)
master:
Metadata Update from @mbasti: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.