I just finished implementing SAML authentication on our main Checkmk but now I want to implement this on our distributed nodes/sites as well. However, I can’t get it to work.
Unfortunately, the SAML authentication has not been implemented for the Distributed setup yet. It's there for LDAP connections (Setup >> General >> Distributed monitoring >> Configuration connnection >> Sync with LDAP connection) where you can sync users with different connection options. So, its not possible at the moment.
(vgl. https://forum.checkmk.com/t/saml-authentication-distributed-monitoring/42839 )
- at the moment SAML authentication is only possible on the master site
- User sync for SAML connections has not been implemented yet
- SAML authentication on distributed sites and User sync with SAML connections must be added
"SAML sync and auth distributed sites" (suggested by <Hidden> on 2024-01-04), including upvotes (1) and comments (0), was merged into this suggestion.
SAML does not have a functionality to have a trust with an an IDP and multiple SP's, as its based on an EntityID and its certificates, which will be different for each distrubuted node.OpenID-Connect can handle this, as it has support for one set of credentials (Client-ID/Client-secret) combined with multiple redirect-Uri's.Therefore i would like to opt for implementation of the OpenID-Connect way of federating instead of going down the SAML-road.- Glowsome
This feedback board is powered by Feature Upvote.
When submitting your email with a suggestion or comment, Feature Upvote uses your email to
Your email is never displayed to other users. Checkmk staff will be able to see your email address.
Feature Upvote's Acceptable Use Policy can be summarized as:
Read the full Acceptable Use Policy (in English)
We’ll email you when the status of the suggestion changes. You can unsubscribe at any time with a single click.