oidc4zbx.zip
[ZBXNEXT-4663] Support OpenID Connect authentication Created: 2018 Aug 01 Updated: 2018 Aug 02 Resolved: 2018 Aug 02 |
|
| Status: | Closed |
| Project: | ZABBIX FEATURE REQUESTS |
| Component/s: | Frontend (F) |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | New Feature Request | Priority: | Trivial |
| Reporter: | AJelenc | Assignee: | Unassigned |
| Resolution: | Workaround proposed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
oidc4zbx.zip
|
| Description |
What is OpenID Connect?"OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner." (http://openid.net/connect) Why?With OpenID Connect we delegate our user authentication from Zabbix front-end to another trusted party. In enterprise environments, there are heavy requirements for 2FA and Single Sign-On. All this can be achieved using OpenID Connect. What is already done?
I am really interested in integrating OpenID Connect into Zabbix's next release, so I am available for making some more changes if necessary.
|
| Comments |
| Comment by Gregory Chalenko [ 2018 Aug 01 ] |
|
Wouldn't it be better to delegate openid authentication to web server module (for example mod_auth_openidc for apache) and use already implemented in Zabbix HTTP authentication? After |
| Comment by AJelenc [ 2018 Aug 02 ] |
|
I totally missed that option, thank you for bringing up HTTP authentication. I agree, that's way better. I am going to close this issue now. |
| Comment by AJelenc [ 2018 Aug 02 ] |
|
Using zabbix HTTP authentication we delegate openid connect authenticatio to web server module. |