tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-04-08 17:15:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

Allow token refresh for external auth

Browse Source 
When using Icingaweb2 with external auth (such as OIDC) your token will eventually expire and the user has to relogin via the external provider. However, this does not work on ajax requests (as they cannot redirect the user). Most external auth plugins (such as mod_oidc) will return 401 instead of a redirect when they detect ajax requests. Icingaweb2 will show a 401 in a few places (example here: https://community.icinga.com/t/401-unauthorized-in-icingaweb2-with-external-auth/9563). With this change icingaweb2 will reload the window instead which in turn will trigger a redirect to the IDP. In most cases the user should get redirected back and should not even notice that his OIDC token got renewed.
This commit is contained in:
jabdoa2 2023-03-29 17:52:13 +02:00 committed by GitHub
parent 4b6df1bef9
commit 5287ecf4d4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 1 deletions

7
public/js/icinga/loader.js

@ -1015,7 +1015,12 @@
this.icinga.timer.unregister(req.progressTimer);
}
if (req.status > 0 && req.status < 501) {
if (req.status == 401) {
this.icinga.logger.debug(
'Request to ' + url + ' return 401. Will refresh page to trigger new login.'
);
window.refresh();
} else if (req.status > 0 && req.status < 501) {
this.icinga.logger.error(
req.status,
errorThrown + ':',