Page 2 of 2
Re: Custom Login Component
Posted: Mon Sep 17, 2012 11:48 am
by disrael
I am going to see if I can set the cookies sessions to be expired as a way to get around modifying the utils.conf.inc.
Also, the sytems will not be internet facing and I explained to my manager about the hijacking session and he sees it as the way to impliment this, unless someone else has a better idea. Our abilities are limited by policies.
Is there a function that I can call for when a user clicks logout? I would like to end the S3 session so a user doesn't get the Nagios login prompt.
Also, on a different topic, it doesn't look like I am able to download modules from my nagios site. I click on the icon and get a blank page.
Thanks again!
-Doron
Re: Custom Login Component
Posted: Mon Sep 17, 2012 1:02 pm
by mguthrie
Is there a function that I can call for when a user clicks logout? I would like to end the S3 session so a user doesn't get the Nagios login prompt.
No, I checked the code and it doesn't look like there's a callback for it. You'll probably have to do an apache redirect.
Also, on a different topic, it doesn't look like I am able to download modules from my nagios site. I click on the icon and get a blank page.
When you right click and copy the link location, what URL does it generate?
Also, tail the apache log, a blank page means a PHP fatal error.
Re: Custom Login Component
Posted: Wed Sep 19, 2012 8:02 am
by disrael
mguthrie wrote:Is there a function that I can call for when a user clicks logout? I would like to end the S3 session so a user doesn't get the Nagios login prompt.
No, I checked the code and it doesn't look like there's a callback for it. You'll probably have to do an apache redirect.
Also, on a different topic, it doesn't look like I am able to download modules from my nagios site. I click on the icon and get a blank page.
When you right click and copy the link location, what URL does it generate?
Also, tail the apache log, a blank page means a PHP fatal error.
Great idea on the redirect!
Code: Select all
#Works for redirecting non authorized users to not auth message
RewriteCond %{QUERY_STRING} redirect=.+
RewriteRule ^/nagiosxi/login.php http://nagios-test1.corp.foo.com/notauth.html [QSA]
#Works for redirecting to cookie clear session
RewriteCond %{QUERY_STRING} logout
RewriteRule ^/nagiosxi/login.php http://nagios-test1.corp.foo.com/login.php [R=301,L,NE]
For the bottom rule I clear the nagiosxi cookie and the s3 session cookie to make the user login again. Though it looks like when they try to login again it won't bring them to the app, like I was hoping. I have the php script I wrote to tell them to close the browser to renter the app. I am going to look into a different solution instead of modifying the utils.inc, that way any updates won't break this.
Re: Custom Login Component
Posted: Wed Sep 19, 2012 9:01 am
by scottwilkerson
Thanks for keeping us up to date.
Re: Custom Login Component
Posted: Thu Sep 20, 2012 2:04 pm
by disrael
I think I invented magic with the help of everyone here. Looks like everything is working smoothly. I need to get some poor saps to test it for me to verify it is working the way it should be.
Re: Custom Login Component
Posted: Thu Sep 20, 2012 2:24 pm
by mguthrie
Good deal, glad it's working for you!