Our Zabbix implementation is running behind CAS. With this, no password is sent from CAS to the application. This worked fine (1.8 through 2.0.1) until I upgraded to 2.0.2.
It looks as though index.php changed from 2.0.1 to 2.0.2, causing a “You cannot view this URL as a guest” error, even after a successful CAS authentication.
2.0.1:
if ($config['authentication_type'] == ZBX_AUTH_HTTP) {
if (!empty($_SERVER['PHP_AUTH_USER'])) {
$_REQUEST['enter'] = _('Sign in');
$_REQUEST['name'] = $_SERVER['PHP_AUTH_USER'];
$_REQUEST['password'] = 'zabbix';
2.0.2:
if ($config['authentication_type'] == ZBX_AUTH_HTTP) {
if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
$_REQUEST['enter'] = _('Sign in');
$_REQUEST['name'] = $_SERVER['PHP_AUTH_USER'];
Any HTTP authentication module that doesn't set password will be broken. Should this be filed as a bug, or is there some other intent?
It looks as though index.php changed from 2.0.1 to 2.0.2, causing a “You cannot view this URL as a guest” error, even after a successful CAS authentication.
2.0.1:
if ($config['authentication_type'] == ZBX_AUTH_HTTP) {
if (!empty($_SERVER['PHP_AUTH_USER'])) {
$_REQUEST['enter'] = _('Sign in');
$_REQUEST['name'] = $_SERVER['PHP_AUTH_USER'];
$_REQUEST['password'] = 'zabbix';
2.0.2:
if ($config['authentication_type'] == ZBX_AUTH_HTTP) {
if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
$_REQUEST['enter'] = _('Sign in');
$_REQUEST['name'] = $_SERVER['PHP_AUTH_USER'];
Any HTTP authentication module that doesn't set password will be broken. Should this be filed as a bug, or is there some other intent?
Comment