Re: [Freeipa-devel] [PATCH] 961 webui: prevent infinite reload for users with krbbprincipal alias set

[Martin Basti]

On 30.06.2016 19:54, Martin Babinsky wrote:

On 06/30/2016 07:34 PM, Petr Vobornik wrote:

Web UI has an inbuilt mechanism to reload in case response from a server
contains a different principal than the one loaded during Web UI
startup.

see rpc.js:381

With kerberos aliases support the loaded principal could be different
because krbprincipalname contained multiple values.

In such case krbcanonicalname should be used - it contains the same
principal as the one which will be in future API responses.

part of: https://fedorahosted.org/freeipa/ticket/5927



This patch is the WebUI counterpart to my WIP hacks to rpcserver.py 
which possible to login to webui via enterprise principal (e.g. 
u...@email.com).


for me ACK.


Pushed to master: 88f7154f7fcb1ca86dcbeeaca3c220ed4b88d55f

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] 961 webui: prevent infinite reload for users with krbbprincipal alias set

[Martin Babinsky]

On 06/30/2016 07:34 PM, Petr Vobornik wrote:

Web UI has an inbuilt mechanism to reload in case response from a server
contains a different principal than the one loaded during Web UI
startup.

see rpc.js:381

With kerberos aliases support the loaded principal could be different
because krbprincipalname contained multiple values.

In such case krbcanonicalname should be used - it contains the same
principal as the one which will be in future API responses.

part of: https://fedorahosted.org/freeipa/ticket/5927



This patch is the WebUI counterpart to my WIP hacks to rpcserver.py 
which possible to login to webui via enterprise principal (e.g. 
u...@email.com).


for me ACK.

--
Martin^3 Babinsky

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [PATCH] 961 webui: prevent infinite reload for users with krbbprincipal alias set

[Petr Vobornik]

Web UI has an inbuilt mechanism to reload in case response from a server
contains a different principal than the one loaded during Web UI
startup.

see rpc.js:381

With kerberos aliases support the loaded principal could be different
because krbprincipalname contained multiple values.

In such case krbcanonicalname should be used - it contains the same
principal as the one which will be in future API responses.

part of: https://fedorahosted.org/freeipa/ticket/5927
-- 
Petr Vobornik
From a15518f25eb339ab2bc90dbc304648a9fd266e51 Mon Sep 17 00:00:00 2001
From: Petr Vobornik 
Date: Thu, 30 Jun 2016 19:16:32 +0200
Subject: [PATCH] webui: prevent infinite reload for users with krbbprincipal
 alias set

Web UI has inbuilt mechanism to reload in case response from a server
contains a different principal than the one loaded during Web UI
startup.

see rpc.js:381

With kerberos aliases support the loaded principal could be different
because krbprincipalname contained multiple values.

In such case krbcanonicalname should be used - it contains the same
principal as the one which will be in future API responses.

https://fedorahosted.org/freeipa/ticket/5927
---
 install/ui/src/freeipa/ipa.js | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/install/ui/src/freeipa/ipa.js b/install/ui/src/freeipa/ipa.js
index 830def0542faeb14b62b71fb80c753bc121cace7..e8ad832c3aacc0fcd824af3e1956ff621ae761ed 100644
--- a/install/ui/src/freeipa/ipa.js
+++ b/install/ui/src/freeipa/ipa.js
@@ -259,7 +259,11 @@ var IPA = function () {
 },
 on_success: function(data, text_status, xhr) {
 that.whoami = batch ? data.result[0] : data.result.result[0];
-that.principal = that.whoami.krbprincipalname[0];
+var cn = that.whoami.krbcanonicalname;
+if (cn) that.principal = cn[0];
+if (!that.principal) {
+that.principal = that.whoami.krbprincipalname[0];
+}
 }
 });
 };
-- 
2.5.5

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code