-
Change Request
-
Resolution: Unresolved
-
Major
-
None
-
3.0.19
-
Red Hat 7: 3.10.0-514.el7.x86_64
PHP: 5.4.16 (cli) (built: Jan 23 2018 07:26:54)
httpd: Server version: Apache/2.4.6
Hi, zabbix offcial:
the initial feature request described in zabbix-forum
https://www.zabbix.com/forum/zabbix-help/52013-zabbix-has-plan-to-integrate-keycloak-as-sso
Copy the abstract solution here again:
1. Package the authentication-relevant-php-files(e.g:CUser.php) as a RPM (: named zabbix-keycloak-plugins)
2. install zabbix-keycloak-plugins after zabbix-official rpms
3. USER request zabbix
4. zabbix-redirect User to keycloak server
5. Keycloak AUTH ok, return "code" and "state" to zabbix
6. zabbix exchange JWT token from keycloak with "code" and "state"
7. zabbix store J*WT token* into DB and parse JWT Token.
8. Based on Parsed JWT token, zabbix build result-Array contains authentication information (:The Array, zabbix used for INTERNAL authentication method)
9. USER access Zabbix...finally.
The below picture show the simple UI from USERs perspective.