What is OpenID Connect?

"OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner." (http://openid.net/connect) 

Why?

With OpenID Connect we delegate our user authentication from Zabbix front-end to another trusted party. In enterprise environments, there are heavy requirements for 2FA and Single Sign-On. All this can be achieved using OpenID Connect.

What is already done?

• I have integrated OpenID Connect mechanism into Zabbix 4.0.0alpha8 web frontend (all files are in the attachment below)
• My documentation can be found inside OIDC.md file.
• Some database changes have been done and are visible inside schema.sql.
• Verifying JWT Tokens are made using php-jwt library (https://github.com/firebase/php-jwt).

 

I am really interested in integrating OpenID Connect into Zabbix's next release, so I am available for making some more changes if necessary.