On Tue, Aug 18, 2015 at 02:58:50PM -0700, Janelle wrote: > Tried that -- but it gives a blank screen. I will try playing with it some > more. At least I know we are thinking in the same ballpark
I was able to set this up just fine with freeipa-server-4.1.4-4.fc22.x86_64. You need to disable the # Redirect to the secure port if not displaying an error or retrieving # configuration. RewriteCond %{SERVER_PORT} !^443$ RewriteCond %{REQUEST_URI} !^/ipa/(errors|config|crl) RewriteCond %{REQUEST_URI} !^/ipa/[^\?]+(\.js|\.css|\.png|\.gif|\.ico|\.woff|\.svg|\.ttf|\.eot)$ RewriteRule ^/ipa/(.*) https://ipa.example.test/ipa/$1 [L,R=301,NC] part on the IPA server or you will get infinite redirection loop. Also you will need to test it through that SSL proxy, not directly against http://ipa.example.test/, or authentication on the WebUI will not work -- the session cookie is marked as Secure so the browser will not store it when it comes via http, plus the UI checks referer to start with https://. -- Jan Pazdziora Senior Principal Software Engineer, Identity Management Engineering, Red Hat -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project