Fix login_kerberos on the IPA API

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>

roles/ipa/server/files/ipa-rewrite.conf

@@ -21,8 +21,12 @@ RewriteEngine on
 # Rewrite for plugin index, make it like it's a static file
 RewriteRule ^/ipa/ui/js/freeipa/plugins.js$    /ipa/wsgi/plugins.py [PT]
 
-# The following disables the annoying kerberos popup for browsers on windows
-RewriteCond %{HTTP_COOKIE} !ipa_session
-RewriteCond %{HTTP_REFERER} ^(.+)/ipa/ui/$
-RewriteRule ^/ipa/session/json$ - [R=401,L]
-RedirectMatch 401 ^/ipa/session/login_kerberos
+# The following lines break the python-freeipa library that Noggin and FASJSON
+# use. Don't enable them until we have found another way to make windows
+# browsers happy.
+# Maybe something like: https://github.com/gssapi/mod_auth_gssapi#example-1
+# # The following disables the annoying kerberos popup for browsers on windows
+# RewriteCond %{HTTP_COOKIE} !ipa_session
+# RewriteCond %{HTTP_REFERER} ^(.+)/ipa/ui/$
+# RewriteRule ^/ipa/session/json$ - [R=401,L]
+# RedirectMatch 401 ^/ipa/session/login_kerberos