Nagios login authentication with Single Sign On (SSO)


#1

Hi ! All,

I have installed Nagios 3.0.6 on CentOS 5.3 for about 6 months. At first, The Nagios
using LDAP protocol to access Windows AD account to authenticate the Nagios user.
It is working fine. Recently, The Nagios system must using another authentication
system to authenticate the user who login to Nagios.

The new authentication ID was stored at Lotus Notes. We set up an web service using
.Net system to access Lotus Notes DB to authenticate the login account. I have wrote
a PHP program to intercept the guid that generated from .Net Web service and translate
it to real user name via php function http_get(), The program is as follow:

$uid = $_REQUEST’id’];
$response = http_get(“http://<.Net web service url>/GetNotesAccount?guid=”.$uid);
$cur_pos = strpos($response,">");
$q_parse = trim(substr($response,$cur_pos+1));
$q = strtolower(trim(strip_tags($q_parse)));

The $uid value is likes “1681b8af-2770-4198-8313-496ed29e8777” which was received from
web portal system and $uid was generated from .Net web service.

Above program will get a result $q, $q is the real user name which login from web portal system.
eg, jm luo , we must using above program to get the real user name since the web portal system
just send the guid to every system on the web portal.

The question is :

  1. I can get the real user name but Nagios cannot recognized and always display "It appears as
    though you do not have permission to view information for any of the services you requested…"
    when I click any item on the Naios left panel.

  2. I have remove any authentication ways from Apache server, but Nagios still do not permit
    user to access the Nagios system. Nagios displayed is same as above.

I think the key point may be is the Apache server authentication mechanism, But I cannot
resolve.

Does any body know the reason and please provide suggestion to me ?!

Many thanks !!!

J.M. Luo
06/12/2010