ZABBIX BUGS AND ISSUES / ZBX-16801

Allow to logout in SSO mode (example for admin login)


    • Incident report
    • Resolution: Unresolved
    • Trivial
    • None
    • 4.4.0
    • Frontend (F)
    • FrontEnd
      CentOS. 8.x

      When using the Zabbix server frontend in a Single Sign-On (SSO) environment, one cannot log out and log in as another user (example: as an admin user).

       

      Steps to reproduce:

      1. Have Apache (example with Apache mod_auth_gssapi Kerberos enabled for "location" /index_http.php) and the frontend HTTP authentication configured with Kerberos SSO with Active Directory (AD)
      2. Open the Zabbix frontend; SSO will log you in automatically with your logged-in AD user
      3. Now try to click the logout button

       

      Result:
      Reloads the page (probably logs out and SSO logs in again) and you are still logged in.

       

      Expected:
      Logout (for instance, set a cookie for Zabbix server to not do the auto SSO login for x seconds). And then allow login as another user (ex: admin user login).

       

      Further information:

      As far as I can tell, the logout process is done in JS here (https://github.com/zabbix/zabbix/blob/master/frontends/php/js/init.js#L44-L52) and then here in PHP (https://github.com/zabbix/zabbix/blob/master/frontends/php/index.php#L44-L47).

      Redirecting to index.php, which in turn, in Zabbix HTTP authentication mode, redirects to index_http.php (here https://github.com/zabbix/zabbix/blob/master/frontends/php/index.php#L62-L67), so it will SSO login again with the currently logged-in user.

            zabbix.dev Zabbix Development Team
            andre.silva André Pereira da Silva
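
The redirect loop described in this report, next to the cookie-based suppression the reporter suggests, as a self-contained PHP sketch added here. It is not Zabbix code: the cookie names, the 300-second window and every function name are hypothetical.

```php
<?php
// Added illustration, not Zabbix code. Every name here is hypothetical.
const SSO_SKIP_COOKIE  = 'sso_skip_until'; // hypothetical cookie name
const SSO_SKIP_SECONDS = 300;              // the report's "x seconds"; value assumed

// Where an unauthenticated request to index.php is sent.
function nextLocation(bool $httpAuthEnabled, array $cookies, int $now): string
{
    $raw = $cookies[SSO_SKIP_COOKIE] ?? '';
    // Cookies are client-controlled: accept digits only and cap the window,
    // so a forged value cannot suppress SSO longer than intended.
    $skipUntil = (is_string($raw) && ctype_digit($raw) && strlen($raw) <= 10)
        ? min((int) $raw, $now + SSO_SKIP_SECONDS)
        : 0;
    if ($httpAuthEnabled && $now >= $skipUntil) {
        return 'index_http.php'; // web server authenticates via Kerberos: silent login
    }
    return 'login form';
}

// Behaviour in the report: logout only ends the session.
function logoutCurrent(array $cookies): array
{
    unset($cookies['session']); // hypothetical session cookie
    return $cookies;
}

// Behaviour the reporter asks for: also suppress auto SSO for a short window.
function logoutProposed(array $cookies, int $now): array
{
    $cookies = logoutCurrent($cookies);
    $cookies[SSO_SKIP_COOKIE] = (string) ($now + SSO_SKIP_SECONDS);
    return $cookies;
}

// Constructed walk-through with a fake clock.
$now     = 1000;
$cookies = ['session' => 'constructed-session-id'];

echo 'current logout   -> ', nextLocation(true, logoutCurrent($cookies), $now), PHP_EOL;
$after = logoutProposed($cookies, $now);
echo 'proposed, +10 s  -> ', nextLocation(true, $after, $now + 10), PHP_EOL;
echo 'proposed, expiry -> ', nextLocation(true, $after, $now + SSO_SKIP_SECONDS), PHP_EOL;
```

The suppression cookie only chooses between the automatic login and the login form, so tampering with it grants no access by itself.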