check_http with SSO over redirct

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Post Reply
uc-vel
Posts: 7
Joined: Wed Jan 13, 2021 6:19 pm

check_http with SSO over redirct

Post by uc-vel »

Hello All,

I have a problem with check_http monitoring a website with SSO login (Shibboleth IdP) over redirected pages.
Not sure if it is cookie issue, if it is, do we have a workaround for it ?

# /usr/local/nagios/libexec/check_http -S -t 30 -H www.xxxxx.yyy -u /zzzzzzz/ --sni -f follow -vvv
SSL initialized
GET /zzzzzzz/ HTTP/1.1
User-Agent: check_http/v2.4.0 (nagios-plugins 2.4.0)
Connection: close
Host: www.xxxxx.yyy
Accept: */*


https://www.xxxxx.yyy:443/zzzzzzz/ is 216 characters
STATUS: HTTP/1.1 302 Found
**** HEADER ****
Cache-Control: private
Location: https://www.xxxxx.yyy:443/zzzzzzz/SAML/ ... zzzzzzz%2F
Date: Mon, 19 Feb 2024 23:57:42 GMT
Content-Length: 0
Connection: close
**** CONTENT ****

Redirection to https://www.xxxxx.yyy:443/zzzzzzz//SAML ... zzzzzzz%2F
SSL initialized
GET /zzzzzzz/SAML/SingleSignOn?ReturnUrl=%2Fzzzzzzz%2F HTTP/1.1
User-Agent: check_http/v2.4.0 (nagios-plugins 2.4.0)
Connection: close
Host: www.xxxxx.yyy
Accept: */*


https://www.xxxxx.yyy:443/zzzzzzz//SAML ... zzzzzzz%2F is 2485 characters
STATUS: HTTP/1.1 302 Found
**** HEADER ****
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://idp.xxxxxxx.yyy/idp/profile/SAM ... OOLw%3D%3D
Date: Mon, 19 Feb 2024 23:57:42 GMT
Content-Length: 1173
Connection: close
Set-Cookie: ASP.NET_SessionId=2u1l2izoefmtxzmtmz0dcvmy; path=/; HttpOnly; SameSite=Lax
**** CONTENT ****
<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://idp.xxxxxxx.yyy/idp/profile/SAM ... e</a>.</h2>
</body></html>

Redirection to https://idp.xxxxxxx.yyy:443/idp/profile ... OOLw%3D%3D
SSL initialized
GET /idp/profile/SAML2/Redirect/SSO?SAMLRequest=jZLtS8MwEMb%2FlZLvbdqs4gzbYG6IBV%2FKOkX8Iml61UCb1Fzi9L%2B37XxFFD%2Fm4Z57fneXGYq26fjSuwe9gUcP6IJsPSd37IhNmYwhTMppFaaTMg3FlMUhk%2BVU1LGE9DAmwTVYVEbPCYv6V4boIdPohHa9FLM0jFmYHG3ZhB8c8pRF6UFyS4J1n6K0cKPzwbkOOaWq6iIpdAnWiggqHwk%2FaLSzplYN0GJ5fsboBiplQTpaFJckODFWwsg%2BJ7VoEAaGXCCqJ%2FhQcmuckaY5VrpS%2Bn5OvNXcCFTItWgBuZN8aM77GXi5L0J%2But3mYX5ZbEmwRAQ7wK6MRt%2BCLcA%2BKQlXm7NP%2FN1u9wM%2F0w7siZBwM9LT3xqR4LltNPLxFn%2FzdW%2FDkMVsqObjyu0X%2F9928U5AFv8En9EvOfvQjl%2F0jbN1bholX4YjtML9nptEyaioKqzHUu41diBVraDqt9s0ZreyIFx%2FMmd9vw262Kd%2B%2F5eLVw%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=rJoQTZbqV3iy7h37tYdcEr8nB4Uw4KU2oFBD52lynZOah51TGaeSIDdEtl4dk3wWqqKtqumb0ujLj9AuwfULi9tc4eRIYgrHNqSNWcD0V1wlqNj%2BdEBfCRAFr5LIS7M%2FkUV0H6lR%2BIBVuV4RZTA1t7wgEbUm4uxeoh5QOCrF105Ae3NQqaZqWK8KnEZvmpCVrJkNCw6HUjxShPHDniso6MszOEFvSS7gWNknfsNrptObjgIMWOaTSn3%2FlHSKR%2Fo38xLUQdcXv6diV1xII%2FlfmRy5PCaFqAZ7fAaEXNfn04zubmbLNyps%2Bi%2FouEvE6lviJIiMWXSnim8mvj89AnOOLw%3D%3D HTTP/1.1
User-Agent: check_http/v2.4.0 (nagios-plugins 2.4.0)
Connection: close
Host: idp.xxxxxxx.yyy
Accept: */*


https://idp.xxxxxxx.yyy:443/idp/profile ... OOLw%3D%3D is 1650 characters
STATUS: HTTP/1.1 302 Moved Temporarily
**** HEADER ****
Content-Length: 0
Connection: close
Date: Mon, 19 Feb 2024 23:57:42 GMT
Set-Cookie: AWSALB=aLkhm8loHECuXc03aZXZe4E8/jz1FRlcU3cJFNe+nTfQtWpuVggVmCDi+k1DH0x+qGtpQhYOnDfVDQH/NyQnF7UTwfU3Lfsf7NeFjognc1aP5ysv7RabYs+pTM0J; Expires=Mon, 26 Feb 2024 23:57:42 GMT; Path=/
Set-Cookie: AWSALBCORS=aLkhm8loHECuXc03aZXZe4E8/jz1FRlcU3cJFNe+nTfQtWpuVggVmCDi+k1DH0x+qGtpQhYOnDfVDQH/NyQnF7UTwfU3Lfsf7NeFjognc1aP5ysv7RabYs+pTM0J; Expires=Mon, 26 Feb 2024 23:57:42 GMT; Path=/; SameSite=None; Secure
Server: Apache
Expires:
Cache-Control: no-store
X-Frame-Options: deny
Strict-Transport-Security: max-age=15768000
CContent-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com
Location: https://idp.xxxxxxx.yyy/idp/profile/SAM ... ution=e1s1
Set-Cookie: JSESSIONID=node0n752msm7mfjw17mj7vsjgqucj256709.node0; Path=/idp; Secure; HttpOnly; SameSite=None
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Cache: Miss from cloudfront
Via: 1.1 d143ff54d809978a01bd0ec973b6c3b2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: SYD1-C1
X-Amz-Cf-Id: K4T9mhB-5CIkjs_-UScU0aeU_QK1HMu3_1WK9UssEtyRZXjDs9Znpw==
**** CONTENT ****

Redirection to https://idp.xxxxxxx.yyy:443/idp/profile ... ution=e1s1
SSL initialized
GET /idp/profile/SAML2/Redirect/SSO?execution=e1s1 HTTP/1.1
User-Agent: check_http/v2.4.0 (nagios-plugins 2.4.0)
Connection: close
Host: idp.xxxxxxx.yyy
Accept: */*


https://idp.xxxxxxx.yyy:443/idp/profile ... ution=e1s1 is 3645 characters
STATUS: HTTP/1.1 500 Internal Server Error
**** HEADER ****
Content-Type: text/html;charset=utf-8
Content-Length: 2007
Connection: close
Date: Mon, 19 Feb 2024 23:57:42 GMT
Set-Cookie: AWSALB=5E1mSGYzmzyuIcgXf4HLjxszvONAhD811Kwtl419oi0dZaq2Up34Gnfhh9T6wF0qrgCCOnkZ3TtRlskyfEtqV4Ic5/cMDKUZgXGAwoORwERxtj4+4czLLohvSBgb; Expires=Mon, 26 Feb 2024 23:57:42 GMT; Path=/
Set-Cookie: AWSALBCORS=5E1mSGYzmzyuIcgXf4HLjxszvONAhD811Kwtl419oi0dZaq2Up34Gnfhh9T6wF0qrgCCOnkZ3TtRlskyfEtqV4Ic5/cMDKUZgXGAwoORwERxtj4+4czLLohvSBgb; Expires=Mon, 26 Feb 2024 23:57:42 GMT; Path=/; SameSite=None; Secure
Server: Apache
Expires:
Cache-Control: no-store
Content-Language: en-US
X-Frame-Options: deny
Strict-Transport-Security: max-age=15768000
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://*.xxxxx.yyy/ https://*.experiencecloud.adobe.com https://*.adobe.com; upgrade-insecure-requests; base-uri 'none'
Set-Cookie: JSESSIONID=node01h907ehz4rpdm194dgzblt4811257393.node0; Path=/idp; Secure; HttpOnly; SameSite=None
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Cache: Error from cloudfront
Via: 1.1 3a3fd4c6610f69913daebe1ea7239b1a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: SYD1-C1
X-Amz-Cf-Id: 8eEgc8ykbsesoot036ubEA_djvzELYnDmq3kctpsHXsA66HphEJB7w==
**** CONTENT ****

HTTP CRITICAL: HTTP/1.1 500 Internal Server Error - 3645 bytes in 0.182 second response time |time=0.181747s;;;0.000000 size=3645B;;;0
User avatar
danderson
Posts: 206
Joined: Wed Aug 09, 2023 10:05 am

Re: check_http with SSO over redirct

Post by danderson »

Thanks for reaching out @uc-vel,

It seems the URL you are monitoring returned a 500 error, which indicates a problem with the website itself.

If you manually, in a browser, navigate to the URL the 500 error happens at, what happens? I'm referring to "https://idp.xxxxxxx.yyy/idp/profile/SAM ... ution=e1s1"
Post Reply