-
New Feature Request
-
Resolution: Workaround proposed
-
Trivial
-
None
-
None
-
None
What is OpenID Connect?
"OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner." (http://openid.net/connect)
Why?
With OpenID Connect we delegate our user authentication from Zabbix front-end to another trusted party. In enterprise environments, there are heavy requirements for 2FA and Single Sign-On. All this can be achieved using OpenID Connect.
What is already done?
- I have integrated OpenID Connect mechanism into Zabbix 4.0.0alpha8 web frontend (all files are in the attachment below)
- My documentation can be found inside OIDC.md file.
- Some database changes have been done and are visible inside schema.sql.
- Verifying JWT Tokens are made using php-jwt library (https://github.com/firebase/php-jwt).
I am really interested in integrating OpenID Connect into Zabbix's next release, so I am available for making some more changes if necessary.