Cecilia Gripenberg – Senior Consultant
Deep knowledge of Icinga, op5 Monitor and Nagios. Plugin developer and automation engineer with focus on Ansible.
When it comes to ITRS OP5 Monitor, most users use either Active Directory or a local database for user authentication. But both these solutions have their limitations:
But what if your users are all in a cloud user database such as Google, Okta or Azure AD? This is where ITRS OP5 Monitor’s Header Authentication comes in. It authenticates users from HTTP headers that are passed whenever pages are loaded, so the sign-in process is completely transparent to the user. By combining this with a proxy server and an authentication system, you can implement single sign-on.
Components:
Modify your /etc/op5/auth.yaml configuration file so that it includes the following lines:
common:
  enable_auto_login: true
HeaderAuth:
  driver: "Header"
  header_username: "X-Username"
  header_realname: "X-Realname"
  header_email: "X-Email"
  header_groups: "X-Groups"
  group_list_delimiter: ","
You’ll then need to configure Apache to listen only on localhost. Otherwise, anyone who can reach Apache directly can simply pass the right headers and impersonate users.
echo -e 'Listen 127.0.0.1:10080\nListen 127.0.0.1:10443 https' > /etc/httpd/conf.d/ports.conf
Then restart Apache2.
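A quick way to confirm this step, as an added example that is not part of the original post: the function below scans Apache configuration files and reports every Listen directive that is not bound to a loopback address. The function name, the file paths in the comments and the sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Header authentication is only safe when Apache cannot be reached directly,
# so every Listen directive Apache loads must bind a loopback address.

# non_loopback_listens FILE...
# Prints "file:line: directive" for each Listen that is not loopback-only.
# Returns 0 when every Listen is loopback-only, 1 otherwise.
non_loopback_listens() {
    awk '
        # Skip blank lines and comments
        NF == 0 || $1 ~ /^#/ { next }
        # Apache directive names are case-insensitive
        tolower($1) == "listen" {
            addr = $2
            # Syntax: Listen [IP-address:]port [protocol]
            if (addr ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/) next  # IPv4 loopback
            if (addr ~ /^\[::1\]:[0-9]+$/) next                       # IPv6 loopback
            # Anything else (bare port, 0.0.0.0, a routable IP) is exposed
            printf "%s:%d: %s\n", FILENAME, FNR, $0
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$@"
}

# On a real host (assumed standard httpd layout) you would run:
#   non_loopback_listens /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/*.conf

# Constructed sample: the ports.conf written above, plus a second file that
# still carries a bare "Listen 80" binding every interface.
demo=$(mktemp -d)
printf 'Listen 127.0.0.1:10080\nListen 127.0.0.1:10443 https\n' > "$demo/ports.conf"
printf '# constructed leftover config\nListen 80\n' > "$demo/other.conf"
non_loopback_listens "$demo/ports.conf" "$demo/other.conf" \
    || echo "Apache is reachable without the proxy; header auth can be bypassed"
rm -rf "$demo"
```

Run it against every file Apache actually includes, since a single leftover Listen on a routable address is enough to bypass the proxy.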
Modify your nginx configuration; see our example configuration file here.
Install vouch-proxy. You can either run this locally or as a docker container.
Configure vouch-proxy and add your Google OIDC credentials:
vouch:
  domains:
    - example.com
oauth:
  provider: google
  # get credentials from https://console.developers.google.com/apis/credentials
  client_id: 000000000-xxyxyxyxyxyxy9x88x8z.apps.googleusercontent.com
  client_secret: _1234890-ABCDEFKXX
  callback_urls:
    - https://op5.example.com/auth
  preferredDomain: example.com
After this, you should be able to browse to https://op5.example.com/monitor/ and log in with your Google credentials.
Should you need any assistance configuring SSO for your ITRS OP5 Monitor environment or support for group assignment, please don’t hesitate to contact us.
If you’d like more monitoring guides, make sure to follow us on LinkedIn.