zabbix SSO

PreparationAdd applicationConfiguration protocolDownload certificateConfigure ZABBIX Certificate keyzabbix Certification configurationAdd zabbix userLog in to Zabbix

• zabbixMust be 5.0 above versions，Otherwise, the SAML2 protocol is not supported
  
• Pre -configure private keys and certificates for ZABBIX，The file suffix is named.KEY and.crt，Store in the ZABBIX configuration directory，Generally/etc/zabbix/web/certs/
  

Log in to the ARKID platform，Enter【Application management】-> 【Application List】, Clicked【Add to】Button, Create an application called Zabbix，Application url is ZABBIX_WEB_HOST/index_sso.php

After the addition is completed, click on the right on the right【Configuration protocol】The button enters the protocol configuration window，Select the protocol type Gathering_CERT ，Fill in related data in turn
+ acs : Assertion Consumer URL It should be set to \<path_to_zabbix_ui>/index_sso.php?acs
+ sls: Single Logout URL It should be set to \<path_to_zabbix_ui>/index_sso.php?sls
+ entity_id: Keep it consistent with the settings of ZABBIX

Click to confirm and enter the editing page，After pulling down, you can see the attribute you read only,Download IDP certificate via the link，And copy IDP SSO URL and other backup

Place the IDP certificate on the Zabbix configuration directory，Generally/etc/zabbix/web/certs/，Put with the Zabbix certificate
【Notice】：
need to use SAML Authentication，Zabbix The private key and certificate should be configured and stored in/etc/zabbix/web/conf/certs/（Different from the version or installation method may be different，I have the test environment here as zabbix5.4 + docker） middle，unless zabbix.conf.php It provides a custom path。
by default，Zabbix Will find in the following position：
+ conf/certs/sp.key === "SPPrivate key file"
+ conf/certs/sp.crt === "SP Certificate file"
+ conf/certs/idp.crt === "IDP Certificate file"
The file name of the file when storing must be SP/idp.crt sp.key

Enter the zabbix page authentication configuration page，As shown in the figure below，Pay attention to replace IDP entity ID and SSO service URL

Use users who are consistent with the user name of Arkid in ZABBIX（Such as admin，Need to distinguish writing）,And give enough permissions

Enter Arkid Desktop，Click ZABBIX card，After multiple jumps, you can enter Zabbix as a configuration user.

评论