Nathan Lager wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/20/2012 02:26 PM, Rob Crittenden wrote:
Have you configured the browser for Kerberos?
http://docs.fedoraproject.org/en-US//Fedora/15/html/FreeIPA_Guide/using-the-ui.html
That error seems to indicate that the domain isn't defined in
network.negotiate-auth.trusted-uris
regards
rob
I've been through the clicky-clicky that ipa's web gui sends you
through (accepting the certs, and configuring the browser), a number
of times. I just confirmed the trusted uri's and delegation uris.
They are both correct, they look like: .my.ipa.domain.com
I even tried resetting delegation-uris, and trusted-uri's to the
default, and then allowing the ipa web gui to re-configure them, it
hasnt helped.
Thanks for the response. Sorry for the delay in mine.
Hmm, that is very strange. The code in question in Firefox looks like:
bool allowed = TestPref(uri, kNegotiateAuthTrustedURIs);
if (!allowed) {
LOG(("nsHttpNegotiateAuth::ChallengeReceived URI blocked\n"));
return NS_ERROR_ABORT;
}
which seems to be the error you are seeing. It's a shame there isn't
more logging around the uris.
I see that you had enabled debug logging on the Apache side. Can you
provide some more context on the failed request?
thanks
rob
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
