Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Is there any information on how to enable Nagios to work with CA SiteMinder? My internal SiteMinder SME is enabling it on the Apache HTTP Server (v2.4.26) that Nagios Core (v.4.3.2) is fronted with. However, any info on changes that need to be made to Nagios to understand that SM session that comes across?
Currently I have mod_ldap in use in Apache HTTP Server using basic authentication mechanism, but desire SSO, so that is why I am enabling SiteMinder.
Please disreguard all the info about recompiling apache etc. If your Nagios webserver is accessed via SiteMinder, it is vary easy to implement. All that is necessary is to set a variable in your SiteMinder file that is passed back to the Nagios application after auth. I will forward the info. ref the Siteminder configuration later today. We have over 10,000 users with no problems. .
I did a search at the Nagios Exchange site and didn't find any documentation on SiteMinder and Single Sign On.
You can take a look there yourself and see if you can find some instructions that are similar to what you are looking to do. https://exchange.nagios.org/
Be sure to check out our Knowledgebase for helpful articles and solutions!
tgriep wrote:I did a search at the Nagios Exchange site and didn't find any documentation on SiteMinder and Single Sign On.
You can take a look there yourself and see if you can find some instructions that are similar to what you are looking to do. https://exchange.nagios.org/
Their approach requires modified nagios source code where you permit the cgi code to accept a cookie sent from the webserver as authentication mechanism. If Single Sign On works, it passes the cookie and the group. The same would apply for SiteMinder as it passes SM_USER and SM_GROUP (I think those are the right names) and this code could be used. I just need to decide if I want to go down this road.
Too bad I have no idea who Larry Bills is, and what he told that guy.
OKAY, no worries. I may just abandon this approach. Thx.
i know some SSO's simply 'map' on the backend, so if you're able to some how 'proxy' basic auth, or pass that on the backend you could probably accomplish this. this would entail having SSO reach out to LDAP and pass headers back to Nagios, which should work.
if you only have a few different user levels, you could probably map AD groups <-> single nagios users.
