753484 – [RFE] Kerberos sign in should fall back to landing page username + password login form

Bug 753484 - [RFE] Kerberos sign in should fall back to landing page username + password login form

Summary: [RFE] Kerberos sign in should fall back to landing page username + password l...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	6.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Rob Crittenden
QA Contact:	IDM QE LIST
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	756082
TreeView+	depends on / blocked

Reported:	2011-11-12 21:43 UTC by Brian Cook
Modified:	2013-09-08 23:51 UTC (History)
CC List:	4 users (show)
Fixed In Version:	ipa-2.2.0-3.el6
Doc Type:	Enhancement
Doc Text:	Cause: When Kerberos single sign on to IPA Web UI fails, IPA Web UI does not have means to fall back to login+password authentication. Consequence: Workstations outside of IPA Kerberos realm or with in-compatible browsers cannot access the IPA Web UI unless a fallback from Kerberos authentication to login+password authentication is configured on the IPA web server. Change: IPA Web UI is now able to fall back to form based authentication when Kerberos authentication cannot be used. Result: Users outside of IPA Kerberos realm or with in-compatible browsers can now login with their login and passwords.
Clone Of:
Environment:
Last Closed:	2012-06-20 13:17:10 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2012:0819	0	normal	SHIPPED_LIVE	ipa bug fix and enhancement update	2012-06-19 20:34:17 UTC

Description Brian Cook 2011-11-12 21:43:35 UTC

When Kerberos single sign on fails, IPA should fall back to a landing page with a username + password login form that also has directions on it to install the single sign on plugin if the platform supports it

This would enable better cross-browser compatibility and access from workstations where the kereberos browser plug-in cannot be installed.

Comment 3 Rob Crittenden 2011-11-15 15:36:32 UTC

Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2109

Comment 4 Martin Kosek 2011-11-16 12:44:39 UTC

Ticket 2109 was closed as duplicate.

The BZ is now linked to the following upstream ticket:
https://fedorahosted.org/freeipa/ticket/2095

Comment 5 Rob Crittenden 2012-03-06 15:15:53 UTC

Fixed upstream:

master: ee780df13c99a5465cd6df965772260c297a5eb2

ipa-2-2: 135e208a665a6f9b7cbba32371b35f8ea705c9cb

Be more forgiving about content-type format:

master: 610420bd2ab976ea9e35e6d010e3f1c9f572c646

ipa-2-2: d5fbb878eee78eeccae0baca12f38a29ed07085d

Comment 7 Martin Kosek 2012-04-19 12:23:40 UTC

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: When Kerberos single sign on to IPA Web UI fails, IPA  Web UI does not have means to fall back to login+password authentication.
Consequence: Workstations outside of IPA Kerberos realm or with in-compatible browsers cannot access the IPA Web UI unless a fallback from Kerberos authentication to login+password authentication is configured on the IPA web server.
Change: IPA Web UI is now able to fall back to form based authentication when Kerberos authentication cannot be used.
Result: Users outside of IPA Kerberos realm or with in-compatible browsers can now login with their login and passwords.

Comment 8 Namita Soman 2012-05-08 16:43:07 UTC

verified using ipa-server-2.2.0-12.el6.x86_64

On a windows machine, used IE to access a ipa server. was able to login using form based auth, browsed through UI.
Also logged in as a non-admin user (whose password doesn't need to be reset) and got to page with user details.

Comment 10 errata-xmlrpc 2012-06-20 13:17:10 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html

Note You need to log in before you can comment on or make changes to this bug.