Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-6564

Support Bearer Authentication for HTTP Agent

    XMLWordPrintable

Details

    • New Feature Request
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • Server (S)
    • None

    Description

      Add bearer token support with keycloak / openid for HTTP Agent checks.

      There are cases when data is received from the API and bearer authentication is mandatory. Therefore, we need to automatically receive a bearer token in zabbix server from the iam server before the API is called.

      the solution can be represented as follows
      a) add client_id, client_secret, (username/password are optional) to zabbix
      b) add auth server url, realm name (example for keycloak https://iam.server/auth, which containts https://iam.server/auth/realms/RealmNameHere/.well-known/openid-configuration)
      c) when http agent is running, zabbix sends a request to the iam server to receive a token and then connects to the destination point with this token
      d) token has a lifetime and can be reused many times during its lifetime.
      e) when the token expires - a request is sent to iam server to receive/renew a new token (for these purposes there is a refresh token, but it is also limited by the SSO session lifetime, at the expiration of which a new token must be obtained using credentials above)

      Attachments

        Activity

          People

            wiper Andris Zeila
            yauheni Zhenua Prot.
            Votes:
            2 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated: