1

In FreeIPA, when browsing to the web UI, a failed authentication session should redirect to http://<servername>/browserconfig.html. Mine does not.

Maybe I'm over complicating things, but the default FreeIPA Apache ipa.conf appears to disable non-kerberos sessions for the directory.

Following is excerpt of ipa.conf 

# Protect /ipa and everything below it in webspace with Apache Kerberos auth
<Location "/ipa">
  AuthType Kerberos
  AuthName "Kerberos Login"
  KrbMethodNegotiate on
  KrbMethodK5Passwd off
  KrbServiceName HTTP
  KrbAuthRealms <servername>
  Krb5KeyTab /etc/httpd/conf/ipa.keytab
  KrbSaveCredentials on
  KrbConstrainedDelegation on
  Require valid-user
  ErrorDocument 401 /ipa/errors/unauthorized.html
</Location>

Unfortunately, this does not work on my server. When I fail authentication, I get a 404 Not Found message instead. I'm not sure why.

Abhijeet Kasurde
  • 983
  • 9
  • 20
ndemarco
  • 213
  • 1
  • 2
  • 13

1 Answers1

1

If authentication is invoked from Web UI(ipa/ui/index.html#something) then failed attempt should be reported in the login page, there is no automatic redirection to browserconfig.html.

Login page since IPA 4.1 contains link to browserconfig.html in the instruction section on the right.

I'm actually not sure what you mean by "When I fail authentication, I get a 404 Not Found message instead" because you didn't specify the steps you've done(use SSO/form based login/have a old session)...

pvoborni
  • 26
  • 1
  • Login using SSO fails. I am not able to access the webform login. The webform access has been sporadic. I should be able to access the browserconfig.html at any time, signed in or not. – ndemarco May 12 '15 at 20:34