- Incident report
- Resolution: Unresolved
- Trivial
- None
- 4.4.0
- FrontEnd
CentOS 8.x
When using the Zabbix server frontend in a Single Sign-On (SSO) environment, one cannot log out and log in as another user (for example, as an admin user).
Steps to reproduce:
- Have Apache (for example, with Apache mod_auth_gssapi Kerberos enabled for "location" /index_http.php) and the frontend HTTP authentication configured with Kerberos SSO with Active Directory (AD)
- Open the Zabbix frontend; SSO will log you in automatically as your logged-in AD user
- Now try to click the logout button
Result:
The page reloads (probably logs out and SSO logs in again) and you are still logged in.
Expected:
Logout (for instance, set a cookie so that Zabbix server does not do the automatic SSO login for x seconds), and then allow logging in as another user (e.g. admin user login).
Further information:
As far as I can tell, the logout process is done in JS here (https://github.com/zabbix/zabbix/blob/master/frontends/php/js/init.js#L44-L52) and then here in PHP (https://github.com/zabbix/zabbix/blob/master/frontends/php/index.php#L44-L47).
It redirects to index.php, which in turn, in Zabbix HTTP authentication mode, redirects to index_http.php (here https://github.com/zabbix/zabbix/blob/master/frontends/php/index.php#L62-L67), so SSO will log in again with the currently logged-in user.
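
The redirect chain described in the report, together with the cookie-based suppression it proposes, modelled as an added PHP sketch. This is not Zabbix frontend code: `route_index`, `handle_logout`, the `sso_skip` cookie name and the 60-second window are assumptions made for illustration.

```php
<?php
// Added illustration only; every name here is hypothetical, not a Zabbix API.
const SSO_SKIP_COOKIE  = 'sso_skip'; // assumed cookie name
const SSO_SKIP_SECONDS = 60;         // the "x seconds" from the report, assumed value

// Logout handler: returns the cookie the logout response would set.
// A real response would also mark it HttpOnly, Secure and SameSite.
function handle_logout(int $now): array {
    return [SSO_SKIP_COOKIE => (string) ($now + SSO_SKIP_SECONDS)];
}

// Decide where index.php sends a request that has no frontend session.
function route_index(array $cookies, bool $httpAuthEnabled, int $now): string {
    if (!$httpAuthEnabled) {
        return 'login form';
    }
    $skipUntil = (int) ($cookies[SSO_SKIP_COOKIE] ?? 0);
    // Accept the cookie only inside the window the server itself would have
    // issued, so a hand-edited far-future value is ignored.
    $suppressed = $skipUntil > $now && $skipUntil <= $now + SSO_SKIP_SECONDS;
    return $suppressed ? 'login form' : 'redirect: index_http.php';
}

// Constructed walk-through with a fixed clock.
$t = 1700000000;

// 1. Behaviour in the report: logout leaves no marker, next request has no cookie.
echo "no cookie:      ", route_index([], true, $t), "\n";

// 2. Proposed behaviour: logout sets the marker, request arrives 5 s later.
$cookies = handle_logout($t);
echo "after logout:   ", route_index($cookies, true, $t + 5), "\n";

// 3. Same cookie after the window has passed.
echo "window expired: ", route_index($cookies, true, $t + 61), "\n";

// 4. Client-forged value far in the future.
echo "forged cookie:  ", route_index([SSO_SKIP_COOKIE => '9999999999'], true, $t), "\n";
```

The cookie only selects between the SSO redirect and the login form, so forging it grants no access. The browser's Kerberos ticket is untouched by a frontend logout, which is why a request that reaches index_http.php signs the AD user in again.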