Hi,
We're using Active Directory module for logging in our users.
We'd like to have our support portal to automatically log our users in without
the need to manually enter username and password every time user visits nagios.
We could just HTTP POST the data to nagios login but unfortunately this
seems to be prevented as CSRF attack as stated here:
http://support.nagios.com/wiki/index.ph ... .22_Errors
Is there way to disable this CSRF protection?
Any ideas would be welcome.
Thanks!
Automatic login with Active Directory users
-
tentaclefi
- Posts: 3
- Joined: Thu Aug 15, 2013 5:07 am
-
sreinhardt
- -fno-stack-protector
- Posts: 4366
- Joined: Mon Nov 19, 2012 12:10 pm
Re: Automatic login with Active Directory users
You could look into using each users backend api token for the initial page load and session start. Otherwise no at this point there is not a way to remove that csrf protection. I will say that other companies have implemented similar login strategies, although the end result is not generally shared back with us.
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.