Blob Blame History Raw
From 27f97386a0259a8b12700e5d671a2de86c98661f Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvoborni@redhat.com>
Date: Thu, 17 Sep 2015 17:41:06 +0200
Subject: [PATCH] webui: use manual Firefox configuration for Firefox >= 40

The intended course of action is to show manual configuration in
browserconfig.html instead of configuration with the extension
for versions of Firefox >= 40.

The reasoning is:
* plan for enterprise environments was not published yet which
  forces as to use AMO (addons.mozilla.org)
* with AMO the user experience is worse than a manual configuration

steps for AMO:
* go to AMO page
* installed the extension
* go back to IPA page
* probably refresh
* click configure
* confirm

manual config:
* go to about:config
* set  network.negotiate-auth.trusted-uris with *domain.name

https://fedorahosted.org/freeipa/ticket/4906

Reviewed-By: Martin Basti <mbasti@redhat.com>
---
 install/html/browserconfig.html | 25 ++++++++++++++++++++++---
 install/html/ffconfig_page.js   | 24 +++++++++++++++++++++---
 2 files changed, 43 insertions(+), 6 deletions(-)

diff --git a/install/html/browserconfig.html b/install/html/browserconfig.html
index d721a4ad2a3b684a4bf45602584fee78f4613360..9c5cf68211281723e12b518f346aac43c1541cdc 100644
--- a/install/html/browserconfig.html
+++ b/install/html/browserconfig.html
@@ -69,7 +69,7 @@
                 <p>
             </div>
 
-            <div id="step2" class="step">
+            <div id="step2" style="display:none" class="step">
                 <h2>Step 2</h2>
                 <div id="ext-installed">
                     <p>
@@ -85,7 +85,7 @@
                 </div>
             </div>
 
-            <div id="step3" class="step">
+            <div id="step3" style="display:none" class="step">
                 <h2>Step 3</h2>
                 <p><a href="#configure-browser" id="configure-link" class="btn btn-default">Configure browser</a></p>
                 <p id="config-success" style="display:none">Browser successfully configured</p>
@@ -94,8 +94,27 @@
                 <p id="config-error" style="display:none">Configuration was not successful, unknown error uccured.</p>
             </div>
 
+            <div id="step2b" class="step">
+                <h2>Step 2</h2>
+                <ol>
+                    <li>
+                        In the address bar of Firefox, type <code>about:config</code> to display the list of current configuration options.
+                    </li>
+                    <li>
+                        In the Filter field, type <code>negotiate</code> to restrict the list of options.
+                    </li>
+                    <li>
+                        Double-click the <code>network.negotiate-auth.trusted-uris</code> entry to display the Enter string value dialog box.
+                    </li>
+                    <li>
+                        Enter the name of the domain against which you want to authenticate, for example, <code class="example-domain">.example.com.</code>
+                    </li>
+                </ol>
+            </div>
+
             <div id="step4" class="step">
-                <h2>Step 4</h2>
+                <h2 id="step4header" style="display:none">Step 4</h2>
+                <h2 id="step3bheader">Step 3</h2>
                 <p><a href="../ui/index.html" id="return-link" class="btn btn-default">Return to Web UI</a></p>
             </div>
        </div>
diff --git a/install/html/ffconfig_page.js b/install/html/ffconfig_page.js
index 4e59db0aa5424d3c664d3d651843b26b440d50a9..536332ee8358fb007da840b587df92e627dd7b58 100644
--- a/install/html/ffconfig_page.js
+++ b/install/html/ffconfig_page.js
@@ -87,7 +87,7 @@
 
         if (!browser.mozilla) {
             $('#wrongbrowser').show();
-            set_enabled(['#step1', '#step2', '#step3'], false);
+            set_enabled(['#step2b'], false);
         } else {
             // Disable for all version of FF older than 15. Theoretically
             // the extension is compatible with version 3.6, 10 and later
@@ -95,8 +95,26 @@
             // resource from chrome.manifest
             if (compare_version(browser.version, '15') === -1) {
                 $('#step2a').show();
-                set_enabled(['#step2', '#step3'], false);
-            }// else if (compare_version(version, '15') === -1) {
+                $('#step2').show();
+                $('#step3').show();
+                $('#step4header').show();
+                $('#step3bheader').hide();
+                set_enabled(['#step2', '#step3', '#step2b'], false);
+            }  else if (compare_version(browser.version, '40') === -1) {
+                // FF is > 15 < 40
+                // show krb extension method
+                $('#step2').show();
+                $('#step3').show();
+                $('#step4header').show();
+                $('#step3bheader').hide();
+                $('#step2b').hide();
+            }
+            // else
+            // Firefox since version 40 has new extension signing policy
+            // this policy prevents to use self-signed FF extension and
+            // thus a manual config is needed - which is the default (step2b)
+
+            // else if (compare_version(version, '15') === -1) {
 //                 $('#step2a').show();
 //                 $('#older-compatible').show();
 //                 $('#older-required').hide();
-- 
2.4.3