New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WebUI: Certificate login #559
Conversation
@pvomacka NACK, see lint errors in travis. |
03d32ee
to
8bd36a3
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I looked mostly at UI, backend will need other reviewer.
this.cert_btn_node = IPA.button({ | ||
name: 'cert_auth', | ||
title:"Login using personal certificate", | ||
label: "Smart Card Login", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Title sounds correct, but the title of the button: "Smart Card" is IMO too specific. User can login with cert even without smart card.
@@ -72,9 +78,12 @@ define(['dojo/_base/declare', | |||
|
|||
user_locked: "The user account you entered is locked. ", | |||
|
|||
login_url: '/ipa/session/login_x509', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this should be called e.g. x509_url
login is too general.
@pvoborni thank you for review. Fixed all proposed changes. |
install/conf/ipa.conf
Outdated
GssapiDelegCcachePerms mode:0660 gid:ipaapi | ||
GssapiImpersonate On | ||
NSSVerifyClient require | ||
NSSOCSP On |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
NSSOCSP can't be specified inside . That's why Travis crashes.
2c34b32
to
0c4c802
Compare
Add necessary steps which set SSSD and set SELinux boolean during installation or upgrade. Also create new endpoint in apache for login using certificates. https://pagure.io/freeipa/issue/6225
Also add error message when login failed. https://pagure.io/freeipa/issue/6225
LGTM and works. |
NACK NACK NACK |
You need to wait to get th gssproxy fix I've been developing today and set the minimum gssproxy version to the one with the fix once we get to publish it |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Remove that line
Removed in #585 once it will be pushed I will close this one again. |
#585 was pushed |
https://pagure.io/freeipa/issue/6225