diff --git a/library/Icinga/Authentication/User/ExternalBackend.php b/library/Icinga/Authentication/User/ExternalBackend.php index 3baf1c8e0..7e9f7baba 100644 --- a/library/Icinga/Authentication/User/ExternalBackend.php +++ b/library/Icinga/Authentication/User/ExternalBackend.php @@ -55,18 +55,20 @@ class ExternalBackend implements UserBackendInterface /** * Get the remote user from environment or $_SERVER, if any * - * @param string $variable The name variable where to read the user from + * @param string|null $variable The name variable where to read the user from * * @return string|null */ public static function getRemoteUser($variable = 'REMOTE_USER') { - $username = getenv($variable); - if ($username !== false) { - return $username; - } - if (array_key_exists($variable, $_SERVER)) { - return $_SERVER[$variable]; + foreach (($variable === null ? array('REMOTE_USER', 'REDIRECT_REMOTE_USER') : array($variable)) as $variable) { + $username = getenv($variable); + if ($username !== false) { + return $username; + } + if (array_key_exists($variable, $_SERVER)) { + return $_SERVER[$variable]; + } } return null; } @@ -77,9 +79,9 @@ class ExternalBackend implements UserBackendInterface */ public function authenticate(User $user, $password = null) { - $username = static::getRemoteUser(); + $username = static::getRemoteUser(null); if ($username !== null) { - $user->setExternalUserInformation($username, 'REMOTE_USER'); + $user->setExternalUserInformation($username, null); if ($this->stripUsernameRegexp) { $stripped = preg_replace($this->stripUsernameRegexp, '', $username); diff --git a/modules/setup/application/forms/AdminAccountPage.php b/modules/setup/application/forms/AdminAccountPage.php index 439a3beb2..6e8fe26dc 100644 --- a/modules/setup/application/forms/AdminAccountPage.php +++ b/modules/setup/application/forms/AdminAccountPage.php @@ -5,6 +5,7 @@ namespace Icinga\Module\Setup\Forms; use Exception; use Icinga\Application\Config; +use Icinga\Authentication\User\ExternalBackend; use Icinga\Authentication\User\UserBackend; use Icinga\Authentication\User\DbUserBackend; use Icinga\Authentication\User\LdapUserBackend; @@ -269,8 +270,8 @@ class AdminAccountPage extends Form */ protected function getUsername() { - $name = getenv('REMOTE_USER'); - if ($name === false) { + $name = ExternalBackend::getRemoteUser(null); + if ($name === null) { return ''; } diff --git a/modules/setup/application/forms/AuthenticationPage.php b/modules/setup/application/forms/AuthenticationPage.php index 132f9377b..d90b52a09 100644 --- a/modules/setup/application/forms/AuthenticationPage.php +++ b/modules/setup/application/forms/AuthenticationPage.php @@ -3,6 +3,7 @@ namespace Icinga\Module\Setup\Forms; +use Icinga\Authentication\User\ExternalBackend; use Icinga\Web\Form; use Icinga\Application\Platform; @@ -30,7 +31,8 @@ class AuthenticationPage extends Form */ public function createElements(array $formData) { - if (isset($formData['type']) && $formData['type'] === 'external' && getenv('REMOTE_USER') === false) { + if (isset($formData['type']) && $formData['type'] === 'external' + && ExternalBackend::getRemoteUser(null) === null) { $this->info( $this->translate( 'You\'re currently not authenticated using any of the web server\'s authentication '