Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-23964

api_scim.php authentication bearer case sensitive

XMLWordPrintable

    • Icon: Problem report Problem report
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • 6.4.10, 7.0.0alpha9
    • Frontend (F)
    • None
    • Tested at VM installation with apache
      Testet ad Docker installation with apache

      Steps to reproduce:

      1. Install simple environment and enable SAML (no need for a working SAML environment)
      2. Create API key with super admin rights
      3. curl -v -X GET http://localhost/api_scim.php/Users?filter=userName+eq+%2208804361-82b0-4acd-b2ab-1be9fc33e797%22 -H "authorization: Bearer 91c1c211776400ccb0af2cca42057297f486394fc94bc9e6fce2c192f0c46580"

      Result:

      {"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"detail":"Not authorized.","status":403}

      Expected:
      If using Authorization with capital A:
      curl -v -X GET http://localhost/api_scim.php/Users?filter=userName+eq+%2208804361-82b0-4acd-b2ab-1be9fc33e797%22 -H "Authorization: Bearer 91c1c211776400ccb0af2cca42057297f486394fc94bc9e6fce2c192f0c46580

      Result:

      {"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],"totalResults":0,"Resources":[]}

      According to [HTTP Protocol specification|
      https://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2], HTTP headers need to be case insenitive. 

            zabbix.dev Zabbix Development Team
            Albert-Jan A.J. Goedhart
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: