On 04/27/2015 06:06 PM, David Dimovski wrote:
Hi Folks,
does somebody have a best practice, how to access the IPA Web-UI with
different domain names?
Example:
Our IPA 4.1 have two different IPs (extern and intern) with two domain
names. The web gui is only accessible from the domain name, which IPA
was registered with (intern domain name). When trying to access with
the extern domain name, IPA is rewriting to the intern domain name.
After disabling the rewriting, the web ui is accessible from the two
domain names, but the login is not possible from the extern domain
name (only intern domain name), getting the following error:
Logout session expired.
Does sombody has a idea or a clue?
Many thanks in advance!
Best regards
David
Hi,
one possible solution would be to setup a reverse proxy with the
external domain name, which would be passing the requests from the
external world to the internal IPA sever.
However, the proxy would need to circumvent our XSS protection and
rewrite the HTTP_REFERRER header to the internal hostname.
I haven't tested it, so maybe additional issues would come up.
Tomas
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
