Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-6564

Support Bearer Authentication for HTTP Agent

    XMLWordPrintable

    Details

    • Type: New Feature Request
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Server (S)
    • Labels:
      None

      Description

      Add bearer token support with keycloak / openid for HTTP Agent checks.

      There are cases when data is received from the API and bearer authentication is mandatory. Therefore, we need to automatically receive a bearer token in zabbix server from the iam server before the API is called.

      the solution can be represented as follows
      a) add client_id, client_secret, (username/password are optional) to zabbix
      b) add auth server url, realm name (example for keycloak https://iam.server/auth, which containts https://iam.server/auth/realms/RealmNameHere/.well-known/openid-configuration)
      c) when http agent is running, zabbix sends a request to the iam server to receive a token and then connects to the destination point with this token
      d) token has a lifetime and can be reused many times during its lifetime.
      e) when the token expires - a request is sent to iam server to receive/renew a new token (for these purposes there is a refresh token, but it is also limited by the SSO session lifetime, at the expiration of which a new token must be obtained using credentials above)

        Attachments

          Activity

            People

            Assignee:
            wiper Andris Zeila
            Reporter:
            yauheni Zhenua Prot.
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated: