Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove WWW-Authenticate header and replace with form based login where possible #7718

Open
MLenterman opened this issue Oct 18, 2024 · 1 comment
Open

Remove WWW-Authenticate header and replace with form based login where possible #7718

MLenterman opened this issue Oct 18, 2024 · 1 comment
Labels
Bug FF! Console Frank!Framework Needs Triage Security
Milestone
9.1

Comments

@MLenterman
Copy link

Current Behavior

When I try clicking the logout button in the top right corner, it brings me to the login screen for about a second, but then automatically goes back to the adapter overview, still being logged in. After being taken back to the adapter overview, the logout button is no longer visible. Under the username a loading icon is shown now.

Reload without cache or clearing cookies, etc doesn't work either.

Expected Behavior

.

Environment Information

FF! 8.3.0-20240910.042339: zaakbrug 1.22.2
Running on zaakbrug-5b976d4dcd-x9gqg using Apache Tomcat/10.1.28
Java Version: OpenJDK Runtime Environment (21.0.4+7-LTS)
Heap size: 472.6 MiB, total JVM memory: 4.0 GiB
Free memory: 3.5 GiB, max memory: 4.0 GiB
Free disk space: 162.7 GiB, total disk space: 250.9 GiB

Steps To Reproduce

No response

Configuration

No response

Input

No response

What database are you using?

No response

What browsers are you seeing the problem on?

Firefox

Relevant Log Output

No response

Anything else?

On Kubernetes
@nielsm5 nielsm5 added this to the 9.0 milestone Oct 21, 2024
@nielsm5
Copy link
Member

nielsm5 commented Dec 3, 2024
edited
Loading

This seems to be related to FireFox, see this issue that has been opened for 17 years. I recommend using a REAL browser. (for realizies though, we should probably stop using the www-authenticate header).

Container based authentication requires the WWW-Authenticate header, others do not. The authenticator implementations should force the client to either use form based login (and logout) or httpBasic with a given realm. When httpBasic is used, no logout button should be visible in the console

@nielsm5 nielsm5 changed the title Console logout function not working when authentication configured with localUsers.yml Remove WWW-Authenticate header and replace with form based login where possible Dec 3, 2024
@nielsm5 nielsm5 modified the milestones: 9.0, 9.1 Dec 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug FF! Console Frank!Framework Needs Triage Security
Projects
Frank!Framework
Status: No status
Milestone
9.1
Development

No branches or pull requests
2 participants
@nielsm5 @MLenterman