Este conteúdo não está disponível no idioma selecionado.
6.3. Removing Browser Configuration for Ticket Delegation (For Upgrading from 6.2)
delegation-uris
parameter to the about:config
setup in Firefox:
network.negotiate-auth.delegation-uris .example.com
For browsers which have already been configured to use the Identity Management web UI, the delegation-uris
setting can be cleared after upgrading to ipa-server-3.0.0
or ipa-client-3.0.0
.
delegation-uris
setting.
The browser configuration is defined in the configure.jar
file. This JAR file is generated when the server is installed and it is not updated with other files when IdM is updated. Any browsers configured will still have the delegation-uris
parameter set unnecessarily, even after the IdM server is upgraded. However, the configure.jar
file can be updated.
preferences.html
file in configure.jar
sets the delegation-uris
parameter. The updated preferences.html
file can be added to configure.jar
, and then configure.jar
can be re-signed and re-deployed on the IdM servers.
Note
configure.jar
file on the initial IdM server. This is the master server, and it is the only server which has a signing certificate. Then propagate the updated file to the other servers and replicas.
- Update the packages on the initial IdM master server (the first instance). This will bring in the 3.0 UI packages, including the
configure.jar
file. - Back up the existing
configure.jar
file.[root@ipaserver ~]# mv /usr/share/ipa/html/configure.jar /usr/share/ipa/html/configure.jar.old
- Create a temporary working directory.
[root@ipaserver ~]# mkdir /tmp/sign
- Copy the updated
preferences.html
file to the working directory.[root@ipaserver ~]# cp /usr/share/ipa/html/preferences.html /tmp/sign
- Use the
signtool
command (one of the NSS utilities) to add the newpreferences.html
file and re-sign theconfigure.jar
file.[root@ipaserver ~]# signtool -d /etc/httpd/alias -k Signing-Cert -Z /usr/share/ipa/html/configure.jar -e ".html" -p `cat /etc/httpd/alias/pwdfile.txt` /tmp/sign
The-e
option tells the tool to sign only files with a.html
extension. The-Z
option creates a new JAR file. - Copy the regenerated
configure.jar
file to all other IdM servers and replicas.