Closed JManDoo closed 2 years ago
I was able to fix Distributed monitoring!
Original for AzureAD SAML: https://docs.checkmk.com/latest/de/draft_saml.html
<If "! %{HTTP_COOKIE} =~ /auth_/ && \
! %{REQUEST_URI} = '/${SITE}/check_mk/register_agent.py' && \
! %{REQUEST_URI} = '/${SITE}/check_mk/webapi.py' && \
! %{REQUEST_URI} = '/${SITE}/check_mk/run_cron.py' && \
! %{REQUEST_URI} -strmatch '/${SITE}/check_mk/api/*' && \
! %{REQUEST_URI} = '/${SITE}/check_mk/deploy_agent.py' && \
! %{QUERY_STRING} =~ /(_secret=|auth_|register_agent)/ && \
! %{REQUEST_URI} =~ m#^/${SITE}/(omd/|check_mk/(images/.*\.png|login\.py|.*\.(css|js)))# ">
! %{REQUEST_URI} =~ m#^/${SITE}/(omd/|check_mk/(images/.*\.svg|login\.py|.*\.(css|js)))# ">
Here is the fix:
<If "! %{HTTP_COOKIE} =~ /auth_/ && \
! %{REQUEST_URI} = '/${SITE}/check_mk/register_agent.py' && \
! %{REQUEST_URI} = '/${SITE}/check_mk/webapi.py' && \
! %{REQUEST_URI} = '/${SITE}/check_mk/run_cron.py' && \
Fix 1 ! %{REQUEST_URI} = '/${SITE}/check_mk/automation.py' && \
! %{REQUEST_URI} -strmatch '/${SITE}/check_mk/api/*' && \
! %{REQUEST_URI} = '/${SITE}/check_mk/deploy_agent.py' && \
! %{QUERY_STRING} =~ /(_secret=|auth_|register_agent)/ && \
Fix 2 ! %{REQUEST_URI} =~ m#^/${SITE}/(omd/|check_mk/(images/.*\.png|login\.py|.*\.(css|js)))# && \ <-- Add
! %{REQUEST_URI} =~ m#^/${SITE}/(omd/|check_mk/(images/.*\.svg|login\.py|.*\.(css|js)))# ">
I have enabled SAML auth using the documentation located here: https://docs.checkmk.com/latest/de/draft_saml.html
on 2 CheckMK instances which are connected via Distributed Monitoring.
This way, if you log in to each site separately, you are prompted for authentication via SAML and MFA.
I get the issue below, as the sites cannot log in to one another on their own auth channel.
Do you have a way to bypass SAML for site-to-site communication?
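An added example, not part of the original post or of Checkmk's code: a Python model of the `<If>` expression above that reports which requests are sent to SAML before and after the two fixes. It approximates Apache's `=`, `-strmatch` and `=~` operators, treats the original expression as ending at the `.png` line, and uses a constructed site name `mysite` and constructed sample requests.

```python
import re
from fnmatch import fnmatchcase

SITE = "mysite"  # assumption: stands in for ${SITE}

def exemptions(site, fixed):
    """Build the exact-match URIs, the API glob and the URI regexes of the rule."""
    base = f"/{site}/check_mk/"
    exact = {base + p for p in
             ("register_agent.py", "webapi.py", "run_cron.py", "deploy_agent.py")}
    images = [r"images/.*\.png"]
    if fixed:
        exact.add(base + "automation.py")   # Fix 1 from the post
        images.append(r"images/.*\.svg")    # Fix 2: .svg line joined with && \
    uri_res = [re.compile(
        rf"^/{re.escape(site)}/(omd/|check_mk/({img}|login\.py|.*\.(css|js)))")
        for img in images]
    return exact, base + "api/*", uri_res

def requires_saml(uri, query="", cookie="", site=SITE, fixed=True):
    """True when no exemption matches, i.e. the <If> block applies to the request."""
    exact, api_glob, uri_res = exemptions(site, fixed)
    exempt = (
        re.search(r"auth_", cookie) is not None          # HTTP_COOKIE =~ /auth_/
        or uri in exact                                  # REQUEST_URI = '...'
        or fnmatchcase(uri, api_glob)                    # REQUEST_URI -strmatch
        or re.search(r"(_secret=|auth_|register_agent)", query) is not None
        or any(r.search(uri) for r in uri_res)           # REQUEST_URI =~ m#...#
    )
    return not exempt

# Constructed sample requests: (path, query string, cookie header)
SAMPLES = [
    ("/mysite/check_mk/automation.py", "", ""),
    ("/mysite/check_mk/images/icon.svg", "", ""),
    ("/mysite/check_mk/images/icon.png", "", ""),
    ("/mysite/check_mk/api/1.0/version", "", ""),
    ("/mysite/check_mk/dashboard.py", "", ""),
]

def compare(samples=SAMPLES):
    """Return (uri, SAML required before the fix, SAML required after the fix)."""
    return [(u, requires_saml(u, q, c, fixed=False), requires_saml(u, q, c, fixed=True))
            for u, q, c in samples]

if __name__ == "__main__":
    for uri, before, after in compare():
        print(f"{uri:40} before={before!s:5} after={after}")
```

Each exemption widens what reaches Checkmk without passing SAML, so rerun the comparison whenever the `<If>` block changes.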