Login Failed with api user and internal authentication when HTTP authentication is set.

XMLWordPrintable

    • Type: Incident report
    • Resolution: Unresolved
    • Priority: Trivial
    • None
    • Affects Version/s: 2.2.2, 2.2.3rc1, 2.2.3rc2, 2.2.3
    • Component/s: API (A)
    • Environment:
      Debian Wheezy

      Hi,
      We updated one of our Zabbix servers from 2.0.9 to 2.2.3 (from sources), and our api user couldn't login anymore.
      We use HTTP authentication behind a SSO portal for GUI login, and the 'api' user is set to internal authentication, as we want to bypass our SSO portal, only for the /api_jsonrpc.php url.
      I reviewed the code, and the "bug" seems to come from the svn commit on revision r30062, correcting bug ZBX-5463 on file frontends/php/api/classes/CUser.php
      It seems that when ZBX_AUTH_HTTP is set in the general configuration, it overrides all other types of authentication, and that the api user cannot login with ZBX_AUTH_INTERNAL anymore.
      I created a 'quick and dirty' patch for this file, to change this mecanism only for the specific api url (attached).
      Thanks

        1. CUser.php.patch
          0.4 kB

            Assignee:
            Unassigned
            Reporter:
            Guillaume
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: