Nagios Support Forum

Posted: **Tue Nov 25, 2014 4:16 pm**

I’m using the following command to verify the ADFS login,

./check_http -H <adfs-servername> -f follow -I <server-ip> -u '/adfs/ls/IdpInitiatedSignon.aspx' -S --sni -a <userid>:<pwd> -s "Sign Out" -p 443
HTTP OK: HTTP/1.1 200 OK - 12182 bytes in 0.145 second response time |time=0.144998s;;;0.000000 size=12182B;;;0

If I gave the wrong credentials, I’m getting the same output. Then I have checked the access logs on the ADFS server, which showed the check actually doing the HTTP GET, not parsing the userid:pwd

Code: Select all

Nov 25 16:11:08 adfs-server MSWinEventLog|1|Security|37716|Tue Nov 25 16:11:07 2014|403|AD FS Auditing|UWO\SVC.ADFS|N/A|Success Audit|ADFS-server|None||An HTTP request was received.     Activity ID: 00000000-0000-0000-c804-0080010000f7     Request Details:       Date And Time: 2014-11-25 21:11:07       Client IP: x.x.x.x       HTTP Method: GET       Url Absolute Path: /adfs/ls/IdpInitiatedSignon.aspx       Query string: -       Local Port: 443       Local IP: x.x.x.x       User Agent: check_http/v2.0.2 (nagios-plugins 2.0.2)       Content Length: 0       Caller Identity: -       Certificate Identity (if any): -       Targeted relying party: -       Through proxy: True       Proxy DNS name: WAP2|37279

Here I'm checking the login of the SSO page straightaway without any redirection.

Thanks

Posted: **Tue Nov 25, 2014 5:16 pm**

Does this page use ntlm to authenticate instead of basic auth? If so, check_http will not work presently, as it does not have support for ntlm authentication.

Posted: **Wed Nov 26, 2014 12:04 pm**

Yes it is. In that case, is there any other plugin that I can use?

Thanks

Posted: **Wed Nov 26, 2014 12:16 pm**

You might want to look at the exchange for options:
http://exchange.nagios.org/directory/Pl ... LM/details
http://exchange.nagios.org/index.php?op ... hword=ntlm
Or:
https://labs.consol.de/nagios/check_webinject/

Posted: **Wed Nov 26, 2014 1:07 pm**

Sorry I’m wrong. AD FS is using the standards based WS-Federation protocol and Security Assertion Markup Language (SAML). Is there any plugin supports that?

I’ve tried check_form.pl
./check_form.pl -u "https://<server-name>/adfs/ls/IdpInitiatedSignon.aspx" -f "userName=xxxx&password=zzzzz" e "Sign Out" -c 10 -w 3 -d -v
500 SSL negotiation failed:
HTTPFORM CRITICAL: failed to retrieve expect string|time=0.090801s;3;10;0;10

One thing I noticed that when I do the simple URL check of the web server using check_http, I need to use “—sni” switch to make it work.
./check_http -H <adfs-servername> -f follow -I <server-ip> -u '/adfs/ls/IdpInitiatedSignon.aspx' -S –sni
If I don’t use it, I’m getting “CRITICAL - Cannot make SSL connection.”

Could it be check_from.pl is lacking with "--sni" support?

Thanks

Posted: **Wed Nov 26, 2014 1:51 pm**

It is certainly possible, but really depends on if that plugin uses internal perl functions or leverages something like curl or wget as those both support aspx pages. As for other plugins that support these authentication schemes, honestly I am unsure, but we can definitely take a look and get back to you!

Posted: **Mon Dec 15, 2014 4:46 pm**

Any luck on finding something that works?

Thanks

Posted: **Mon Dec 15, 2014 5:53 pm**

westernuniv wrote:Could it be check_from.pl is lacking with "--sni" support?

I believe so.

westernuniv wrote:Any luck on finding something that works?

Not as of yet, though I will try to bring Spenser into this tomorrow.

Nagios Support Forum

Monitor URL transactions

Monitor URL transactions

Re: Monitor URL transactions

Re: Monitor URL transactions

Re: Monitor URL transactions

Re: Monitor URL transactions

Re: Monitor URL transactions

Re: Monitor URL transactions

Re: Monitor URL transactions