On 10/05/2012 05:30 PM, Rob Crittenden wrote:
Simo Sorce wrote:
On Fri, 2012-10-05 at 17:33 +0300, Alexander Bokovoy wrote:
On Fri, 05 Oct 2012, Endi Sukma Dewata wrote:
On 10/5/2012 8:56 AM, Alexander Bokovoy wrote:
On Thu, 04 Oct 2012, Petr Vobornik wrote:
On 10/03/2012 04:19 PM, Simo Sorce wrote:
On Wed, 2012-10-03 at 15:50 +0200, Petr Vobornik wrote:
As Alexander proposed in other channel. I will remove the
configure.jar and offer the old configuration method if user is
< 4 so we don't have to make the extension compatible with this
version. It will be done this way:
If FF < 4 is detected:
* in browserconfig.html steps 2 and 3 will be grayed-out and
with step 2a with a link to ssbrowser.html and a description
* ssbrowser.html will be enhanced by steps for autoconfiguration
We can also show the steps in browserconfig, but I want to have it
somehow available even if user is not using FF<4 to keep general
awareness about the problem and also to be usable if version
fails. Other possible problem with steps in browserconfig is
styles of buttons (to keep the same styles we would have to include
css files and jquery.js to configure.jar, which I don't want to
Excellent plan, we should try to reduce the amount of work, and
old browsers use the old method is perfectly fine.
If FF15 is the only browser that fails with the old method I
go as far as testing exclusively with FF15 and have anything <
the old method.
Updated patches attached.
browserconfig.html points to older config method for versions
The extension is theoretically compatible with FF3.6 and then FF10
later. There is a problem for FF4-9 with loading strings from
.properties file. FF3.6 is working because it doesn't use
I also notice that we have an existing issue when navigating to
pages right away before accepting any certificate. Those pages are
using some resources from /ui/ folder which is redirected to https.
These resources are not loaded because certificate isn't imported. If
user is going straight for Web UI, he won't encounter this issue, but
I tested this patchset and apart from the non-obvious extension
description displayed when installing it, which is based on a
everything is great.
It works for me too. Just some questions:
1. It looks like the Firefox is limited to version 10 to 15 in
install/ffextension/install.rdf. Do we need the upper limit?
My understanding is that maxversion represents maximum tested version.
[https://developer.mozilla.org/en-US/docs/Install_Manifests] but the
document doesn't say if the extension stops being installable on newer
versions. I tried maxversion=14.0.* on FF15 and it worked.
2. In install/html/ssbrowser.html the step 5 is optional. Should we
explain what's that for or why we need it? General users could be
confused and stuck if they are given choices that they don't
understand. It's probably better to make it a required step if it
doesn't cause any problem.
<li> 5. Optional: Repeat the above procedure for the
<tt>network.negotiate-auth.delegation-uris</tt> entry, using the same
delegation-uris setting should be removed. It is not needed since we
started using s4u2proxy mechanism.
Yes and we removed it because it is potentially a dangerous setting.
It should be generally discouraged and enabled only for specific fqdn's
not wildcard ones in future.
I've pushed these 4 patches to master and ipa-3-0.
Petr, please submit a patch to remove/clarify references to
From 89279cf52e12fed1cde7bb5bac248e975ec36e7a Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvobo...@redhat.com>
Date: Fri, 5 Oct 2012 17:39:18 +0200
Subject: [PATCH] Removal of delegation-uris instruction from browser config
Delegation is not needed since support of s4u2proxy mechanism.
install/html/ssbrowser.html | 1 -
1 file changed, 1 deletion(-)
diff --git a/install/html/ssbrowser.html b/install/html/ssbrowser.html
index 285b1d1239288badca56ab29c4694c6722fdd534..9e17b5fb04951ad8d05077a62ddb809441c58104 100644
@@ -63,7 +63,6 @@
<li> 2. In the Filter field, type <tt>negotiate</tt> to restrict the list of options. </li>
<li> 3. Double-click the <tt>network.negotiate-auth.trusted-uris</tt> entry to display the Enter string value dialog box. </li>
<li> 4. Enter the name of the domain against which you want to authenticate, for example, <tt class="example-domain">.example.com.</tt> </li>
- <li> 5. Optional: Repeat the above procedure for the <tt>network.negotiate-auth.delegation-uris</tt> entry, using the same domain. </li>
<li><strong> You are all set. </strong></li>
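Review bot: with step 5 removed (the deleted network.negotiate-auth.delegation-uris line), nothing on the page tells users who already followed the old instructions to clear that pref, so existing profiles keep delegating to the whole domain they entered. Consider adding a short line to ssbrowser.html asking users to reset network.negotiate-auth.delegation-uris if they set it earlier. The commit message gives only "not needed since support of s4u2proxy" as the reason; the thread also calls the setting potentially dangerous, and that is worth recording in the message. The diffstat touches only ssbrowser.html, so please confirm no other page still carries this instruction.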
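An added example, not part of the original thread or of FreeIPA's code: a small audit of a Firefox prefs.js for the delegation-uris setting discussed above, flagging domain-wide entries such as the .example.com value the old step 5 would have produced. The sample prefs text is constructed, and treating a leading dot or '*' as "domain-wide" is an assumption of this example.

```python
import re

# Pref the thread calls potentially dangerous when set for a whole domain.
PREF = "network.negotiate-auth.delegation-uris"

# String prefs in prefs.js are written as: user_pref("name", "value");
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*"([^"]*)"\s*\)\s*;')

# Constructed sample input, not taken from a real profile.
SAMPLE_PREFS = '''\
user_pref("browser.startup.page", 3);
user_pref("network.negotiate-auth.trusted-uris", ".example.com");
user_pref("network.negotiate-auth.delegation-uris", ".example.com, https://ipa.example.com");
'''


def delegation_entries(prefs_text):
    """Return the comma-separated entries of PREF; a later line overrides an earlier one."""
    value = ""
    for line in prefs_text.splitlines():
        m = PREF_LINE.match(line)
        if m and m.group(1) == PREF:
            value = m.group(2)
    return [e.strip() for e in value.split(",") if e.strip()]


def classify(entry):
    """Classify by spelling only (assumption): leading dot or '*' = whole domain."""
    # Strip an optional scheme, path and port to get the host part.
    host = entry.split("://", 1)[-1].split("/", 1)[0].split(":", 1)[0]
    if host.startswith(".") or "*" in host:
        return "domain-wide"
    return "host" if "." in host else "unqualified"


def audit(prefs_text):
    """Return (entry, kind) for every delegation entry found."""
    return [(e, classify(e)) for e in delegation_entries(prefs_text)]


def risky(prefs_text):
    """Entries that delegate to more than one named host and should be reviewed."""
    return [e for e, kind in audit(prefs_text) if kind != "host"]


if __name__ == "__main__":
    for entry, kind in audit(SAMPLE_PREFS):
        print(f"{PREF}: {entry!r} -> {kind}")
```

An empty result from `delegation_entries` means the pref is not set in that profile, which is the state the patch above aims for.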