From 7bef6f71532820fedd7b6b148206a8a2c6775846 Mon Sep 17 00:00:00 2001 From: Toby Higginbotham Date: Wed, 2 Jun 2021 16:16:52 -0500 Subject: [PATCH] Zabbix Integration Instructions (#960) --- .../integrations/services/zabbix/index.md | 60 +++++++++++++++++++ website/sidebars.js | 1 + 2 files changed, 61 insertions(+) create mode 100644 website/docs/integrations/services/zabbix/index.md diff --git a/website/docs/integrations/services/zabbix/index.md b/website/docs/integrations/services/zabbix/index.md new file mode 100644 index 000000000..fb854362d --- /dev/null +++ b/website/docs/integrations/services/zabbix/index.md @@ -0,0 +1,60 @@ +--- +title: Zabbix +--- + +## What is Zabbix + +From https://www.zabbix.com/features + +:::note +Zabbix is the ultimate enterprise-level software designed for real-time monitoring of millions of metrics collected from tens of thousands of servers, virtual machines and network devices. + +Zabbix is Open Source and comes at no cost. +::: + +## Preparation + +The following placeholders will be used: + +- `zabbix.company` is the FQDN of the Zabbix install. +- `authentik.company` is the FQDN of the authentik install. + +Create an application in authentik and note the slug, as this will be used later. Create a SAML provider with the following parameters: + +- ACS URL: `https://zabbix.company/zabbix/index_sso.php?acs` +- Issuer: `zabbix` +- Service Provider Binding: Post + +You can of course use a custom signing certificate, and adjust durations. + +## Zabbix Configuration + +Navigate to `https://zabbix.company/zabbix/zabbix.php?action=authentication.edit` and select SAML settings to configure SAML. + +Check the box to enable SAML authentication. + +Set the Field `IdP entity ID` to `zabbix`. + +Set the Field `Username attribute` to `http://schemas.goauthentik.io/2021/02/saml/username` + +Set the Field `SP entity ID` to `https://authentik.company/application/saml/zabbix/sso/binding/redirect/` + +Check the box for `Case sensitive login`. + +For the `SAML Service Provider Certificate` and `SAML Service Provider Private Key`, you can either use custom certificates, or use the self-signed pair generated by authentik. + +Copy the cert and key to `/usr/share/zabbix/conf/certs/`, the system looks for `sp.key` and `sp.crt` by default. + +The certificate path can be configured in the Zabbix frontend configuration file (zabbix.conf.php) + +``` +$SSO['SP_KEY'] = ''; +$SSO['SP_CERT'] = ''; +``` + +For additional security you can enable the Verification Certificate by checking the `Sign -> AuthN requests` in the Zabbix configuration and adding the IDP Certificate to the cert path above or defining it in your Zabbix frontend configuration file. + +``` +$SSO['IDP_CERT'] = ''; +``` + diff --git a/website/sidebars.js b/website/sidebars.js index c6bbf8264..96daf294c 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -71,6 +71,7 @@ module.exports = { "integrations/services/veeam-enterprise-manager/index", "integrations/services/vmware-vcenter/index", "integrations/services/wiki-js/index", + "integrations/services/zabbix/index", ], }, ],