6.3. Removing Browser Configuration for Ticket Delegation (For Upgrading from 6.2)
delegation-urisparameter to the
about:configsetup in Firefox:
For browsers which have already been configured to use the Identity Management web UI, the
delegation-uris setting can be cleared after upgrading to
The browser configuration is defined in the
configure.jar file. This JAR file is generated when the server is installed and it is not updated with other files when IdM is updated. Any browsers configured will still have the
delegation-uris parameter set unnecessarily, even after the IdM server is upgraded. However, the
configure.jar file can be updated.
delegation-urisparameter. The updated
preferences.htmlfile can be added to
configure.jar, and then
configure.jarcan be re-signed and re-deployed on the IdM servers.
configure.jarfile on the initial IdM server. This is the master server, and it is the only server which has a signing certificate. Then propagate the updated file to the other servers and replicas.
- Update the packages on the initial IdM master server (the first instance). This will bring in the 3.0 UI packages, including the
- Back up the existing
[root@ipaserver ~]# mv /usr/share/ipa/html/configure.jar /usr/share/ipa/html/configure.jar.old
- Create a temporary working directory.
[root@ipaserver ~]# mkdir /tmp/sign
- Copy the updated
preferences.htmlfile to the working directory.
[root@ipaserver ~]# cp /usr/share/ipa/html/preferences.html /tmp/sign
- Use the
signtoolcommand (one of the NSS utilities) to add the new
preferences.htmlfile and re-sign the
[root@ipaserver ~]# signtool -d /etc/httpd/alias -k Signing-Cert -Z /usr/share/ipa/html/configure.jar -e ".html" -p `cat /etc/httpd/alias/pwdfile.txt` /tmp/signThe
-eoption tells the tool to sign only files with a
-Zoption creates a new JAR file.
- Copy the regenerated
configure.jarfile to all other IdM servers and replicas.