This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/docs/integrations/services/zabbix/index.md
2021-06-23 18:02:49 +02:00

2.2 KiB

title
Zabbix

What is Zabbix

From https://www.zabbix.com/features

:::note Zabbix is the ultimate enterprise-level software designed for real-time monitoring of millions of metrics collected from tens of thousands of servers, virtual machines and network devices.

Zabbix is Open Source and comes at no cost. :::

Preparation

The following placeholders will be used:

  • zabbix.company is the FQDN of the Zabbix install.
  • authentik.company is the FQDN of the authentik install.

Create an application in authentik and note the slug, as this will be used later. Create a SAML provider with the following parameters:

  • ACS URL: https://zabbix.company/zabbix/index_sso.php?acs
  • Issuer: zabbix
  • Service Provider Binding: Post

You can of course use a custom signing certificate, and adjust durations.

Zabbix Configuration

Navigate to https://zabbix.company/zabbix/zabbix.php?action=authentication.edit and select SAML settings to configure SAML.

Check the box to enable SAML authentication.

Set the Field IdP entity ID to zabbix.

Set the Field Username attribute to http://schemas.goauthentik.io/2021/02/saml/username

Set the Field SP entity ID to https://authentik.company/application/saml/zabbix/sso/binding/redirect/

Set the Field SP name ID format to urn:oasis:names:tc:SAML:2.0:nameid-format:transient

Check the box for Case sensitive login.

For the SAML Service Provider Certificate and SAML Service Provider Private Key, you can either use custom certificates, or use the self-signed pair generated by authentik.

Copy the cert and key to /usr/share/zabbix/conf/certs/, the system looks for sp.key and sp.crt by default.

The certificate path can be configured in the Zabbix frontend configuration file (zabbix.conf.php)

$SSO['SP_KEY'] = '<path to the SP private key file>';
$SSO['SP_CERT'] = '<path to the SP cert file>';

For additional security you can enable the Verification Certificate by checking the Sign -> AuthN requests in the Zabbix configuration and adding the IDP Certificate to the cert path above or defining it in your Zabbix frontend configuration file.

$SSO['IDP_CERT'] = '<path to the IDP cert file>';