[OBS-4214] Can't open a link to Observium without entering Page URL manually - Observium

Details

Type: Improvement
Resolution: Fixed
Priority: Major
Fix Version/s: None
Affects Version/s: Professional Edition
Component/s: Web Interface
Labels:
- Authentication
- web
Environment:

Hide
|*Observium*|22.6.12183 (28th June 2022)|
|*OS*|Linux 4.19.0-21-amd64 [amd64] (Debian 10)|
|*Apache*|2.4.38 (Debian)|
|*PHP*|7.3.31-1~deb10u1 (OPcache: ENABLED) (Memory: 128MB)|
|*Python*|2.7.16|
|*MariaDB*|10.3.34-MariaDB-0+deb10u1 (extension: mysqli 5.0.12-dev)|
|*SNMP*|NET-SNMP 5.7.3|
|*RRDtool*|1.7.1 (rrdcached 1.7.1: unix:/var/run/rrdcached.sock)|
|*Fping*|4.2 (IPv4 and IPv6)|
h3. Browser & Timezone Information
|*User-Agent*|Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36|
|*Browser*|Chrome 104.0 (Macintosh)|
|*Screen Resolution*|2560x1440|
|*Timezone*|+02:00 (System), +02:00 (PHP), +02:00 (DB), +02:00 (User)|

Show
|*Observium*|22.6.12183 (28th June 2022)| |*OS*|Linux 4.19.0-21-amd64 [amd64] (Debian 10)| |*Apache*|2.4.38 (Debian)| |*PHP*|7.3.31-1~deb10u1 (OPcache: ENABLED) (Memory: 128MB)| |*Python*|2.7.16| |*MariaDB*|10.3.34-MariaDB-0+deb10u1 (extension: mysqli 5.0.12-dev)| |*SNMP*|NET-SNMP 5.7.3| |*RRDtool*|1.7.1 (rrdcached 1.7.1: unix:/var/run/rrdcached.sock)| |*Fping*|4.2 (IPv4 and IPv6)| h3. Browser & Timezone Information |*User-Agent*|Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36| |*Browser*|Chrome 104.0 (Macintosh)| |*Screen Resolution*|2560x1440| |*Timezone*|+02:00 (System), +02:00 (PHP), +02:00 (DB), +02:00 (User)|

Description

We have another System where I implemented some of the Observium Graphs via the graph api, and i wanted to link to the corresponding page in observium. But whenever i Open the Link i get a ton of 302 redirects which then breaks because of " too many redirects".

I don't know what to change. i allready tryed to change the CORS headers in apache, but that didn't resolve the issue.

I attached the config files which i think are necessary

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

000-default.conf
2 kB
2022/08/11 01:23 PM
config.php
2 kB
2022/08/11 01:23 PM

Activity

[OBS-4214] Can't open a link to Observium without entering Page URL manually

Axel Lodyga added a comment - 2022/08/19 03:12 PM

its working with 'Lax'

Axel Lodyga added a comment - 2022/08/19 03:12 PM its working with 'Lax'

Mike Stupalov added a comment - 2022/08/19 02:28 PM

Should be fixed in r12251.

Mike Stupalov added a comment - 2022/08/19 02:28 PM Should be fixed in r12251.

Mike Stupalov added a comment - 2022/08/19 02:14 PM

Ohh, I not understand trouble initially.

Can you try with set this policy to 'Lax' in code?

Mike Stupalov added a comment - 2022/08/19 02:14 PM Ohh, I not understand trouble initially. Can you try with set this policy to 'Lax' in code?

Axel Lodyga added a comment - 2022/08/19 01:19 PM

Hey @Mike Why is the ticket marked as resolved, and moved to helping? You just didn't get what my problem.
The problem is not api related, the problem is that links from external websites to obersevium can't open because of the strict policy in the cookie.

Axel Lodyga added a comment - 2022/08/19 01:19 PM Hey @Mike Why is the ticket marked as resolved, and moved to helping? You just didn't get what my problem. The problem is not api related, the problem is that links from external websites to obersevium can't open because of the strict policy in the cookie.

Axel Lodyga added a comment - 2022/08/17 09:48 AM

Hy Mike, thats not quite what i wan't. I would like to have authentication needed, for the graphs as for the the normal observium view. But the "OBSID" Cookie you set has a "Strict" Site policy, that prohibits oben a link to obersvium from another webpage. and this config should be optional ( but recommendet ).

Axel Lodyga added a comment - 2022/08/17 09:48 AM Hy Mike, thats not quite what i wan't. I would like to have authentication needed, for the graphs as for the the normal observium view. But the "OBSID" Cookie you set has a "Strict" Site policy, that prohibits oben a link to obersvium from another webpage. and this config should be optional ( but recommendet ).

Mike Stupalov added a comment - 2022/08/17 09:33 AM

You can use one of this config.php option(s):

$config['allow_unauth_graphs']      = 0;       // Allow graphs to be viewed by anyone

$config['allow_unauth_graphs_cidr'] = []; // Allow graphs to be viewed without authorisation from certain IP ranges

For example:

$config['allow_unauth_graphs_cidr'] = [

 '10.0.0.0/8', '192.168.0.0/16'

];

Mike Stupalov added a comment - 2022/08/17 09:33 AM You can use one of this config.php option(s): $config['allow_unauth_graphs'] = 0; // Allow graphs to be viewed by anyone $config['allow_unauth_graphs_cidr'] = []; // Allow graphs to be viewed without authorisation from certain IP ranges For example: $config['allow_unauth_graphs_cidr'] = [ '10.0.0.0/8', '192.168.0.0/16' ];

Axel Lodyga added a comment - 2022/08/12 08:37 AM

Okay I digged a little deeper. if don't use https and don't open the link in a new tab (target="_blank");
at least i get a login screen ( even the cookie ( remember me) is set. but whatever i do i can't login.

Okay now i found the Problem:
in

html/includes/authenticate.inc.php in line 67

the cookie is set with the following parameter:

  'samesite' => 'Strict'

you should make this a configurable option.

If you comment out this line, everything works as expected.

Axel Lodyga added a comment - 2022/08/12 08:37 AM Okay I digged a little deeper. if don't use https and don't open the link in a new tab (target="_blank"); at least i get a login screen ( even the cookie ( remember me) is set. but whatever i do i can't login. Okay now i found the Problem: in html/includes/authenticate.inc.php in line 67 the cookie is set with the following parameter: 'samesite' => 'Strict' you should make this a configurable option. If you comment out this line, everything works as expected.

Observium Bot added a comment - 2022/08/11 01:26 PM

General questions and device support can be discussed in our Discord channel, click here to join.

Please make and attach additional information about the device:

full snmp dump from device:

snmpwalk -v2c -c <community> -t 3 -Cc --hexOutputLength=0 -ObentxU <hostname> .1 > myagent.snmpwalk

snmpwalk -v2c -c <community> -t 3 -Cc --hexOutputLength=0 -ObentxU <hostname> .1.3.6.1.4.1 >> myagent.snmpwalk

If device not support SNMP version 2c, replace -v2c with -v1.

If you have problems with discovery or poller processes, please do and attach these debugs:
./discovery.php -d -h <device>
./poller.php -d -h <device>

additionally attach device and/or vendor specific MIB files

This comment is added automatically.

Observium Bot added a comment - 2022/08/11 01:26 PM General questions and device support can be discussed in our Discord channel, click here to join . Please make and attach additional information about the device: full snmp dump from device: snmpwalk -v2c -c <community> -t 3 -Cc --hexOutputLength=0 -ObentxU <hostname> .1 > myagent.snmpwalk snmpwalk -v2c -c <community> -t 3 -Cc --hexOutputLength=0 -ObentxU <hostname> .1.3.6.1.4.1 >> myagent.snmpwalk If device not support SNMP version 2c, replace -v2c with -v1. If you have problems with discovery or poller processes, please do and attach these debugs: ./discovery.php -d -h <device> ./poller.php -d -h <device> additionally attach device and/or vendor specific MIB files This comment is added automatically.

People

Assignee:: Mike Stupalov

Reporter:: Axel Lodyga

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2022/08/11 01:26 PM

Updated:: 2022/08/19 03:12 PM

Resolved:: 2022/08/19 02:28 PM