Hide Forgot
This bug is created as a clone of upstream ticket: https://fedorahosted.org/freeipa/ticket/3094 netscape.security.PrivilegeManager.enablePrivilege() call was deprecated in Firefox 15 and can't be used. It completely breaks IPA browser configuration in signed .jar file. (https://test.example.com/ipa/config/browserconfig.html). FF team recommends to make FF extension for any code which uses privileged code. https://bugzilla.mozilla.org/show_bug.cgi?id=546848 https://bugzilla.mozilla.org/show_bug.cgi?id=757046 I think making FF extension just for configuring kerberos auth for one site is bad. I propose to give priority to ticket #823 We can offer configuration steps for: FF <= 14, FF >= 15, IE and Chrome. For FF <= 14 I would keep the configure.jar method.
I can run the UI on FF15. So please provide steps to recreate the issue described here.
(In reply to comment #2) > I can run the UI on FF15. So please provide steps to recreate the issue > described here. But can you authenticate with your Kerberos ticket? Authentication via user+password is not affected with this issue.
In https://<ipa server>/config/browserconfig.html there is the 'configure browser' button. In FF 15 it doesn't do anything (from user perspective). There is an error in web console (Ctrl+Shift+K), but user can't see it. The outcome is that we can't configure automatically FF config options like network.negotiate-auth.trusted-uris and therefore, as Martin wrote, SSO doesn't work (if not configured manually).
Fixed upstream. This provides a new Firefox extension for 15+. Older browsers will rely on the signed javascript file. master: 696fce5c8d4e480c6a731686c8952a4e7ace575f 247a3a43b7fb9eac9af9497e61cdc9c964bee4ff 206b6ca04b0e06b3bebf34d985f5310489fd7aac b4e19509c034942a4f6bc99c371774a0944b65eb 4e72bc7fc8e8cc677d67919cde70eb1df47f1d81 ipa-3-0: 1212e867986aca1f030433f9f40908361629198c e13a88a2e59a6cdee806fdc4a619a22bba9c3f35 2ba1fb5f87875a8793aad35224cb24d3b89f9883 8b9d0e1160683f0a759c5818f0aab8c2c18bf802 f9bafb2958c3ea1e60856f21a28776026de2b305
Created attachment 689183 [details] browser configuation page works verified in firefox ESR 10.0.10,which corresponds with Firefox 16.0.2
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0528.html