Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove logoff option when using basic authentication #4180

Closed
TheWitness opened this issue Mar 19, 2021 · 2 comments
Closed

Remove logoff option when using basic authentication #4180

TheWitness opened this issue Mar 19, 2021 · 2 comments
Labels
bug Undesired behaviour resolved A fixed issue
Milestone

Comments

@TheWitness
Copy link
Member

Describe the bug

When using SSO methods in Cacti with Basic Authentication, Cacti has not way to invalidate the session as it's controlled by the SSO provider, so there should not be a logoff link on the Cacti pages.

Expected behavior

Less confusion user interface.

@TheWitness TheWitness added the bug Undesired behaviour label Mar 19, 2021
@TheWitness TheWitness added this to the v1.2.17 milestone Mar 19, 2021
TheWitness added a commit that referenced this issue Mar 19, 2021
- When using 'basic' authentication, there should be no logoff link as it's not possible
@TheWitness TheWitness added the resolved A fixed issue label Mar 19, 2021
@netniV
Copy link
Member

netniV commented Mar 22, 2021

Actually, you can make Basic Auth sign out using a bit of javascript. You clear the auth cache and that should do it, something like:

<script type="text/javascript">
function logout() {
    var xmlhttp;
    if (window.XMLHttpRequest) {
        xmlhttp = new XMLHttpRequest();

        xmlhttp.open("GET", '/ERROR/401', true, "logout", "logout");
        xmlhttp.send("");
        xmlhttp.onreadystatechange = function() {
            if (xmlhttp.readyState == 4) {window.location.href='/';}
        }
    } else if (window.ActiveXObject) { // code for IE
        xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");

        // IE clear HTTP Authentication
        document.execCommand("ClearAuthenticationCache");
        window.location.href='/where/to/redirect';
    }

    return false;
}
</script>

@TheWitness
Copy link
Member Author

TheWitness commented Mar 23, 2021

When using siteminder, your only choice is to have the siteminder logoff URL and redirect the client to that location. At that point I suspect that the client would be again redirected to the corporate sign in page.

@netniV netniV changed the title When using 'basic' authentication, there should be no logoff link as it's not possible Remove logoff option when using basic authentication since Cacti can't always honor the feature Apr 12, 2021
@netniV netniV changed the title Remove logoff option when using basic authentication since Cacti can't always honor the feature Remove logoff option when using basic authentication Apr 12, 2021
@github-actions github-actions bot locked and limited conversation to collaborators Jul 12, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug Undesired behaviour resolved A fixed issue
Projects
None yet
Development

No branches or pull requests

2 participants