it-novum / openITCOCKPIT

openITCOCKPIT is an Open Source system monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus.
https://openitcockpit.io/
GNU General Public License v3.0

Fallback URL query for "SSO.FORCE_USER_TO_LOGINPAGE" #1542

Open kbilev opened 1 year ago

kbilev commented 1 year ago

Is your feature request related to a problem? Please describe.

No direct problem, but what happens if "SSO.FORCE_USER_TO_LOGINPAGE" is enabled and for some reason the SSO Service is not available? If "SSO.FORCE_USER_TO_LOGINPAGE" is enabled, the login form is disabled, so there is no possibility to log in via the local user.

Describe the solution you'd like

Maybe it would be a good idea to add a system setting like "SSO.FALLBACK_QUERY" and add a check in the UsersController to disable the redirection if the query is included in the login URL ("/login?disable_redirect=true").

Describe alternatives you've considered

Disable JavaScript in the browser to disable the redirect, but the login form also uses JavaScript. This seems a bad workaround.

Best Regards, Kevin

nook24 commented 1 year ago

Hi @kbilev, another workaround would be to disable the redirect with a SQL query like so:

UPDATE systemsettings SET `value` = 0 WHERE `key` = "FRONTEND.SSO.FORCE_USER_TO_LOGINPAGE";

Hope this helps

kbilev commented 1 year ago

Hello @nook24, yes, this would be a possible workaround for my mentioned case where the SSO Service is not available. If I want to use some local users for testing/debugging and also redirect SSO users, this workaround would not work. The easiest workaround for our use case was to comment out the "if ($forceRedirectSsousersToLoginScreen === false):" in the Users/login.php template to have the login form still available on the login page and cancel the JavaScript redirect in the browser (Escape).

Best Regards, Kevin

nook24 commented 1 year ago

While I was going to implement the query string parameter, I noticed an issue. The login template itself does not contain any form information when the SSO redirect is enabled. The template URL is hardcoded and cannot take any parameters (at least to my knowledge).

My attempt is currently disabling the redirect, but the user has no login fields. Not that helpful :(

I have pushed my code into the branch issue-1542; feel free to use this as an entry point.

kbilev commented 1 year ago

I have created a pull request to your branch with a working solution based on your work. As I am neither a PHP nor a Cake expert, I don't know if this solution is okay.