Re: [Freeipa-devel] [PATCH] 961 webui: prevent infinite reload for users with krbbprincipal alias set
On 30.06.2016 19:54, Martin Babinsky wrote: On 06/30/2016 07:34 PM, Petr Vobornik wrote: Web UI has an inbuilt mechanism to reload in case response from a server contains a different principal than the one loaded during Web UI startup. see rpc.js:381 With kerberos aliases support the loaded principal could be different because krbprincipalname contained multiple values. In such case krbcanonicalname should be used - it contains the same principal as the one which will be in future API responses. part of: https://fedorahosted.org/freeipa/ticket/5927 This patch is the WebUI counterpart to my WIP hacks to rpcserver.py which possible to login to webui via enterprise principal (e.g. u...@email.com). for me ACK. Pushed to master: 88f7154f7fcb1ca86dcbeeaca3c220ed4b88d55f -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 961 webui: prevent infinite reload for users with krbbprincipal alias set
On 06/30/2016 07:34 PM, Petr Vobornik wrote: Web UI has an inbuilt mechanism to reload in case response from a server contains a different principal than the one loaded during Web UI startup. see rpc.js:381 With kerberos aliases support the loaded principal could be different because krbprincipalname contained multiple values. In such case krbcanonicalname should be used - it contains the same principal as the one which will be in future API responses. part of: https://fedorahosted.org/freeipa/ticket/5927 This patch is the WebUI counterpart to my WIP hacks to rpcserver.py which possible to login to webui via enterprise principal (e.g. u...@email.com). for me ACK. -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [PATCH] 961 webui: prevent infinite reload for users with krbbprincipal alias set
Web UI has an inbuilt mechanism to reload in case response from a server contains a different principal than the one loaded during Web UI startup. see rpc.js:381 With kerberos aliases support the loaded principal could be different because krbprincipalname contained multiple values. In such case krbcanonicalname should be used - it contains the same principal as the one which will be in future API responses. part of: https://fedorahosted.org/freeipa/ticket/5927 -- Petr Vobornik From a15518f25eb339ab2bc90dbc304648a9fd266e51 Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Thu, 30 Jun 2016 19:16:32 +0200 Subject: [PATCH] webui: prevent infinite reload for users with krbbprincipal alias set Web UI has inbuilt mechanism to reload in case response from a server contains a different principal than the one loaded during Web UI startup. see rpc.js:381 With kerberos aliases support the loaded principal could be different because krbprincipalname contained multiple values. In such case krbcanonicalname should be used - it contains the same principal as the one which will be in future API responses. https://fedorahosted.org/freeipa/ticket/5927 --- install/ui/src/freeipa/ipa.js | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/install/ui/src/freeipa/ipa.js b/install/ui/src/freeipa/ipa.js index 830def0542faeb14b62b71fb80c753bc121cace7..e8ad832c3aacc0fcd824af3e1956ff621ae761ed 100644 --- a/install/ui/src/freeipa/ipa.js +++ b/install/ui/src/freeipa/ipa.js @@ -259,7 +259,11 @@ var IPA = function () { }, on_success: function(data, text_status, xhr) { that.whoami = batch ? data.result[0] : data.result.result[0]; -that.principal = that.whoami.krbprincipalname[0]; +var cn = that.whoami.krbcanonicalname; +if (cn) that.principal = cn[0]; +if (!that.principal) { +that.principal = that.whoami.krbprincipalname[0]; +} } }); }; -- 2.5.5 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code