Web UI has an inbuilt mechanism to reload in case response from a server
contains a different principal than the one loaded during Web UI
startup.

see rpc.js:381

With kerberos aliases support the loaded principal could be different
because krbprincipalname contained multiple values.

In such case krbcanonicalname should be used - it contains the same
principal as the one which will be in future API responses.

part of: https://fedorahosted.org/freeipa/ticket/5927
-- 
Petr Vobornik
From a15518f25eb339ab2bc90dbc304648a9fd266e51 Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvobo...@redhat.com>
Date: Thu, 30 Jun 2016 19:16:32 +0200
Subject: [PATCH] webui: prevent infinite reload for users with krbbprincipal
 alias set

Web UI has inbuilt mechanism to reload in case response from a server
contains a different principal than the one loaded during Web UI
startup.

see rpc.js:381

With kerberos aliases support the loaded principal could be different
because krbprincipalname contained multiple values.

In such case krbcanonicalname should be used - it contains the same
principal as the one which will be in future API responses.

https://fedorahosted.org/freeipa/ticket/5927
---
 install/ui/src/freeipa/ipa.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/install/ui/src/freeipa/ipa.js b/install/ui/src/freeipa/ipa.js
index 830def0542faeb14b62b71fb80c753bc121cace7..e8ad832c3aacc0fcd824af3e1956ff621ae761ed 100644
--- a/install/ui/src/freeipa/ipa.js
+++ b/install/ui/src/freeipa/ipa.js
@@ -259,7 +259,11 @@ var IPA = function () {
             },
             on_success: function(data, text_status, xhr) {
                 that.whoami = batch ? data.result[0] : data.result.result[0];
-                that.principal = that.whoami.krbprincipalname[0];
+                var cn = that.whoami.krbcanonicalname;
+                if (cn) that.principal = cn[0];
+                if (!that.principal) {
+                    that.principal = that.whoami.krbprincipalname[0];
+                }
             }
         });
     };
-- 
2.5.5

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to