Page 1 of 1
SiteMinder (SSO) in Nagios Core
Posted: Tue Jun 27, 2017 5:08 pm
by AGray
Is there any information on how to enable Nagios to work with CA SiteMinder? My internal SiteMinder SME is enabling it on the Apache HTTP Server (v2.4.26) that Nagios Core (v.4.3.2) is fronted with. However, any info on changes that need to be made to Nagios to understand that SM session that comes across?
Currently I have mod_ldap in use in Apache HTTP Server using basic authentication mechanism, but desire SSO, so that is why I am enabling SiteMinder.
In this mailing list thread I saw online (
https://sourceforge.net/p/nagios/mailma ... /16967295/) I see Larry Bills say:
Josh
Please disreguard all the info about recompiling apache etc. If your Nagios webserver is accessed via SiteMinder, it is vary easy to implement. All that is necessary is to set a variable in your SiteMinder file that is passed back to the Nagios application after auth. I will forward the info. ref the Siteminder configuration later today. We have over 10,000 users with no problems. .
Sincerely
Larry Bills
I wish I knew what he sent on to that guy Josh
Re: SiteMinder (SSO) in Nagios Core
Posted: Wed Jun 28, 2017 12:32 pm
by tgriep
I did a search at the Nagios Exchange site and didn't find any documentation on SiteMinder and Single Sign On.
You can take a look there yourself and see if you can find some instructions that are similar to what you are looking to do.
https://exchange.nagios.org/
Re: SiteMinder (SSO) in Nagios Core
Posted: Wed Jun 28, 2017 12:42 pm
by AGray
tgriep wrote:I did a search at the Nagios Exchange site and didn't find any documentation on SiteMinder and Single Sign On.
You can take a look there yourself and see if you can find some instructions that are similar to what you are looking to do.
https://exchange.nagios.org/
I think these guys were on the right track, albeit a slightly different track
https://exchange.nagios.org/directory/A ... on/details
Their approach requires modified nagios source code where you permit the cgi code to accept a cookie sent from the webserver as authentication mechanism. If Single Sign On works, it passes the cookie and the group. The same would apply for SiteMinder as it passes SM_USER and SM_GROUP (I think those are the right names) and this code could be used. I just need to decide if I want to go down this road.
Too bad I have no idea who Larry Bills is, and what he told that guy.
OKAY, no worries. I may just abandon this approach. Thx.
Re: SiteMinder (SSO) in Nagios Core
Posted: Wed Jun 28, 2017 12:47 pm
by tgriep
Sorry that we couldn't help much on this.
Maybe check with SiteMinder to see if they have some documentation.
Re: SiteMinder (SSO) in Nagios Core
Posted: Thu Jun 29, 2017 9:51 pm
by tacolover101
i know some SSO's simply 'map' on the backend, so if you're able to some how 'proxy' basic auth, or pass that on the backend you could probably accomplish this. this would entail having SSO reach out to LDAP and pass headers back to Nagios, which should work.
if you only have a few different user levels, you could probably map AD groups <-> single nagios users.
Re: SiteMinder (SSO) in Nagios Core
Posted: Fri Jun 30, 2017 10:28 am
by dwhitfield