
check_http with SSO over redirect

Posted: Mon Feb 19, 2024 7:17 pm
by uc-vel
Hello All,

I have a problem with check_http monitoring a website with SSO login (Shibboleth IdP) over redirected pages.
Not sure if it is a cookie issue; if it is, do we have a workaround for it?

# /usr/local/nagios/libexec/check_http -S -t 30 -H www.xxxxx.yyy -u /zzzzzzz/ --sni -f follow -vvv
SSL initialized
GET /zzzzzzz/ HTTP/1.1
User-Agent: check_http/v2.4.0 (nagios-plugins 2.4.0)
Connection: close
Host: www.xxxxx.yyy
Accept: */*


https://www.xxxxx.yyy:443/zzzzzzz/ is 216 characters
STATUS: HTTP/1.1 302 Found
**** HEADER ****
Cache-Control: private
Location: https://www.xxxxx.yyy:443/zzzzzzz/SAML/ ... zzzzzzz%2F
Date: Mon, 19 Feb 2024 23:57:42 GMT
Content-Length: 0
Connection: close
**** CONTENT ****

Redirection to https://www.xxxxx.yyy:443/zzzzzzz//SAML ... zzzzzzz%2F
SSL initialized
GET /zzzzzzz/SAML/SingleSignOn?ReturnUrl=%2Fzzzzzzz%2F HTTP/1.1
User-Agent: check_http/v2.4.0 (nagios-plugins 2.4.0)
Connection: close
Host: www.xxxxx.yyy
Accept: */*


https://www.xxxxx.yyy:443/zzzzzzz//SAML ... zzzzzzz%2F is 2485 characters
STATUS: HTTP/1.1 302 Found
**** HEADER ****
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://idp.xxxxxxx.yyy/idp/profile/SAM ... OOLw%3D%3D
Date: Mon, 19 Feb 2024 23:57:42 GMT
Content-Length: 1173
Connection: close
Set-Cookie: ASP.NET_SessionId=2u1l2izoefmtxzmtmz0dcvmy; path=/; HttpOnly; SameSite=Lax
**** CONTENT ****
<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://idp.xxxxxxx.yyy/idp/profile/SAM ... e</a>.</h2>
</body></html>

Redirection to https://idp.xxxxxxx.yyy:443/idp/profile ... OOLw%3D%3D
SSL initialized
GET /idp/profile/SAML2/Redirect/SSO?SAMLRequest=jZLtS8MwEMb%2FlZLvbdqs4gzbYG6IBV%2FKOkX8Iml61UCb1Fzi9L%2B37XxFFD%2Fm4Z57fneXGYq26fjSuwe9gUcP6IJsPSd37IhNmYwhTMppFaaTMg3FlMUhk%2BVU1LGE9DAmwTVYVEbPCYv6V4boIdPohHa9FLM0jFmYHG3ZhB8c8pRF6UFyS4J1n6K0cKPzwbkOOaWq6iIpdAnWiggqHwk%2FaLSzplYN0GJ5fsboBiplQTpaFJckODFWwsg%2BJ7VoEAaGXCCqJ%2FhQcmuckaY5VrpS%2Bn5OvNXcCFTItWgBuZN8aM77GXi5L0J%2But3mYX5ZbEmwRAQ7wK6MRt%2BCLcA%2BKQlXm7NP%2FN1u9wM%2F0w7siZBwM9LT3xqR4LltNPLxFn%2FzdW%2FDkMVsqObjyu0X%2F9928U5AFv8En9EvOfvQjl%2F0jbN1bholX4YjtML9nptEyaioKqzHUu41diBVraDqt9s0ZreyIFx%2FMmd9vw262Kd%2B%2F5eLVw%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=rJoQTZbqV3iy7h37tYdcEr8nB4Uw4KU2oFBD52lynZOah51TGaeSIDdEtl4dk3wWqqKtqumb0ujLj9AuwfULi9tc4eRIYgrHNqSNWcD0V1wlqNj%2BdEBfCRAFr5LIS7M%2FkUV0H6lR%2BIBVuV4RZTA1t7wgEbUm4uxeoh5QOCrF105Ae3NQqaZqWK8KnEZvmpCVrJkNCw6HUjxShPHDniso6MszOEFvSS7gWNknfsNrptObjgIMWOaTSn3%2FlHSKR%2Fo38xLUQdcXv6diV1xII%2FlfmRy5PCaFqAZ7fAaEXNfn04zubmbLNyps%2Bi%2FouEvE6lviJIiMWXSnim8mvj89AnOOLw%3D%3D HTTP/1.1
User-Agent: check_http/v2.4.0 (nagios-plugins 2.4.0)
Connection: close
Host: idp.xxxxxxx.yyy
Accept: */*


https://idp.xxxxxxx.yyy:443/idp/profile ... OOLw%3D%3D is 1650 characters
STATUS: HTTP/1.1 302 Moved Temporarily
**** HEADER ****
Content-Length: 0
Connection: close
Date: Mon, 19 Feb 2024 23:57:42 GMT
Set-Cookie: AWSALB=aLkhm8loHECuXc03aZXZe4E8/jz1FRlcU3cJFNe+nTfQtWpuVggVmCDi+k1DH0x+qGtpQhYOnDfVDQH/NyQnF7UTwfU3Lfsf7NeFjognc1aP5ysv7RabYs+pTM0J; Expires=Mon, 26 Feb 2024 23:57:42 GMT; Path=/
Set-Cookie: AWSALBCORS=aLkhm8loHECuXc03aZXZe4E8/jz1FRlcU3cJFNe+nTfQtWpuVggVmCDi+k1DH0x+qGtpQhYOnDfVDQH/NyQnF7UTwfU3Lfsf7NeFjognc1aP5ysv7RabYs+pTM0J; Expires=Mon, 26 Feb 2024 23:57:42 GMT; Path=/; SameSite=None; Secure
Server: Apache
Expires:
Cache-Control: no-store
X-Frame-Options: deny
Strict-Transport-Security: max-age=15768000
CContent-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com
Location: https://idp.xxxxxxx.yyy/idp/profile/SAM ... ution=e1s1
Set-Cookie: JSESSIONID=node0n752msm7mfjw17mj7vsjgqucj256709.node0; Path=/idp; Secure; HttpOnly; SameSite=None
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Cache: Miss from cloudfront
Via: 1.1 d143ff54d809978a01bd0ec973b6c3b2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: SYD1-C1
X-Amz-Cf-Id: K4T9mhB-5CIkjs_-UScU0aeU_QK1HMu3_1WK9UssEtyRZXjDs9Znpw==
**** CONTENT ****

Redirection to https://idp.xxxxxxx.yyy:443/idp/profile ... ution=e1s1
SSL initialized
GET /idp/profile/SAML2/Redirect/SSO?execution=e1s1 HTTP/1.1
User-Agent: check_http/v2.4.0 (nagios-plugins 2.4.0)
Connection: close
Host: idp.xxxxxxx.yyy
Accept: */*


https://idp.xxxxxxx.yyy:443/idp/profile ... ution=e1s1 is 3645 characters
STATUS: HTTP/1.1 500 Internal Server Error
**** HEADER ****
Content-Type: text/html;charset=utf-8
Content-Length: 2007
Connection: close
Date: Mon, 19 Feb 2024 23:57:42 GMT
Set-Cookie: AWSALB=5E1mSGYzmzyuIcgXf4HLjxszvONAhD811Kwtl419oi0dZaq2Up34Gnfhh9T6wF0qrgCCOnkZ3TtRlskyfEtqV4Ic5/cMDKUZgXGAwoORwERxtj4+4czLLohvSBgb; Expires=Mon, 26 Feb 2024 23:57:42 GMT; Path=/
Set-Cookie: AWSALBCORS=5E1mSGYzmzyuIcgXf4HLjxszvONAhD811Kwtl419oi0dZaq2Up34Gnfhh9T6wF0qrgCCOnkZ3TtRlskyfEtqV4Ic5/cMDKUZgXGAwoORwERxtj4+4czLLohvSBgb; Expires=Mon, 26 Feb 2024 23:57:42 GMT; Path=/; SameSite=None; Secure
Server: Apache
Expires:
Cache-Control: no-store
Content-Language: en-US
X-Frame-Options: deny
Strict-Transport-Security: max-age=15768000
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://*.xxxxx.yyy/ https://*.experiencecloud.adobe.com https://*.adobe.com; upgrade-insecure-requests; base-uri 'none'
Set-Cookie: JSESSIONID=node01h907ehz4rpdm194dgzblt4811257393.node0; Path=/idp; Secure; HttpOnly; SameSite=None
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Cache: Error from cloudfront
Via: 1.1 3a3fd4c6610f69913daebe1ea7239b1a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: SYD1-C1
X-Amz-Cf-Id: 8eEgc8ykbsesoot036ubEA_djvzELYnDmq3kctpsHXsA66HphEJB7w==
**** CONTENT ****

HTTP CRITICAL: HTTP/1.1 500 Internal Server Error - 3645 bytes in 0.182 second response time |time=0.181747s;;;0.000000 size=3645B;;;0

Re: check_http with SSO over redirect

Posted: Thu Feb 22, 2024 2:35 pm
by danderson
Thanks for reaching out @uc-vel,

It seems the URL you are monitoring returned a 500 error, which indicates a problem with the website itself.

If you manually, in a browser, navigate to the URL the 500 error happens at, what happens? I'm referring to "https://idp.xxxxxxx.yyy/idp/profile/SAM ... ution=e1s1"
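
Added example, not part of the original posts and not nagios-plugins code: a Python sketch that reads a `check_http -vvv` trace laid out like the one in the thread and lists cookies a host set on one hop that a later request to the same host did not send back, which is the visible difference between this trace and a browser session. The sample trace is constructed (placeholder host `idp.example.test`, shortened cookie values), the path match is a simplified prefix test, and `parse_hops` and `dropped_cookies` are hypothetical helper names.

```python
import re

# Constructed sample: condensed check_http -vvv trace in the thread's layout.
SAMPLE_TRACE = """\
GET /idp/profile/SAML2/Redirect/SSO?SAMLRequest=abc HTTP/1.1
Host: idp.example.test

STATUS: HTTP/1.1 302 Moved Temporarily
**** HEADER ****
Set-Cookie: AWSALB=aaa; Expires=Mon, 26 Feb 2024 23:57:42 GMT; Path=/
Set-Cookie: JSESSIONID=node0abc.node0; Path=/idp; Secure; HttpOnly; SameSite=None
**** CONTENT ****

GET /idp/profile/SAML2/Redirect/SSO?execution=e1s1 HTTP/1.1
Host: idp.example.test

STATUS: HTTP/1.1 500 Internal Server Error
"""

def parse_hops(trace):
    """Split a verbose trace into hops: request path/host/cookies, status, Set-Cookie."""
    hops = []
    for line in trace.splitlines():
        m = re.match(r"(GET|HEAD|POST) (\S+) HTTP/", line)
        if m:
            hops.append({"path": m.group(2), "host": "", "sent": set(), "status": None, "set": []})
        elif not hops:
            continue
        elif line.startswith("Host: "):
            hops[-1]["host"] = line[6:].strip()
        elif line.startswith("Cookie: "):  # request header; absent in the thread's trace
            hops[-1]["sent"] = {c.split("=")[0].strip() for c in line[8:].split(";")}
        elif line.startswith("STATUS: "):
            hops[-1]["status"] = int(line.split()[2])
        elif line.startswith("Set-Cookie: "):
            name = line[12:].split("=", 1)[0]
            path = re.search(r";\s*Path=([^;]+)", line, re.I)
            hops[-1]["set"].append((name, path.group(1).strip() if path else "/"))
    return hops

def dropped_cookies(hops):
    """Cookies a host set earlier that a later request to it (matching Path) did not send."""
    jar, findings = {}, []
    for hop in hops:
        for name, path in sorted(jar.get(hop["host"], set())):
            if hop["path"].startswith(path) and name not in hop["sent"]:
                findings.append((hop["path"], hop["status"], name))
        jar.setdefault(hop["host"], set()).update(hop["set"])
    return findings
```

An empty result on a trace that still ends in a 500 points away from cookie handling and toward the IdP itself.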