Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  2. ZBXNEXT-4573

Single Sign-on using webserver


    • Sprint 35, Sprint 36, Sprint 37, Sprint 38, Sprint 39, Sprint 40, Sprint 41, Sprint 42, Sprint 43
    • 8

      User stories

      When Apache Auth directives are configured for all Zabbix frontend pages:

      • As a Zabbix user, after migration from Zabbix 3.X with HTTP enabled, I want it still be impossible to login using Internal/LDAP password without signing in with Apache first.

      When Apache Auth directives are configured only to login_http.php page:

      • As a Zabbix user, I can login with HTTP(using Kerberos or others types) or using Internal/LDAP passwords
      • As a Zabbix admin, I can choose whether to redirect unauthorized users to HTTP login or Zabbix login form


      1. If HTTP auth is enabled:
        1. Any zabbix users, regardless of their user groups, can sign in with HTTP auth if their alias match
        2. It's still must be possible to sign in using standard zabbix login page using Internal or LDAP passwordif web server is setup accordingly)
      2. HTTP auth and standard zabbix login pages must have separate URLs directly accessible.
        1. If HTTP auth is globally disabled, then HTTP auth page must redirect to Internal auth page
      3. It must be possible to remove domain part of the username received from web server. i.e. username@ADNAME becomes just username

            gcalenko Gregory Chalenko
            palivoda Rostislav Palivoda
            Team D
            1 Vote for this issue
            13 Start watching this issue