-
Problem report
-
Resolution: Incomplete
-
Trivial
-
None
-
4.0.16
-
None
-
None
-
Centos 7
note: According to RPM my version of Zabbix across the board is 4.0.13 and there is no newer update for it however 4.0.13 is not listed in the version drop-down.
Steps to reproduce:
- Install Apache mod_auth_openidc to allow for SSO and configure it.
- Switch to HTTP Authentication, with the HTTP login screen and set the domains to remove pingsso.*.come:9031 [pingsso,*,com]or any array of values I tried
- Open zabbix in another browser window etc and go through SSO login. It still provides $user@$domain:9031 however it is not stripping the information in index_http.php
Result:
I am only able to login with users that I have created that have the domain still in the username as the http_strip_domains functionality is not stripping out the domain.
Expected:
In this example I am logging in after modifying index_http.php and adding the 'OIDC_CLAIM_sub' as the first thing that is passed through the loop looking for existing variables and 'OIDC_CLAIM_sub' only provides my username. I do not want to have to do this, I want to be able to use the config options in zabbix so that I don't have random edits around that are not part of upstream codebase.
foreach (['OIDC_CLAIM_sub', 'PHP_AUTH_USER', 'REMOTE_USER', 'AUTH_USER'] as $key) { if (array_key_exists($key, $_SERVER) && $_SERVER[$key] !== '') { $http_user = $_SERVER[$key]; break; } }