SairamObili
(Sairam Reddy Obili)
October 9, 2023, 10:11am
1
CMK version: Checkmk Raw Edition 2.2.0p8
OS version:
SUSE 15 SP3
Error message:
Output of “cmk --debug -vvn hostname”: (If it is a problem with checks or plugins)
Hi All,
I would like manage my site with both localadmin and azure ad authentication? Is it possible to do it? Please share your thoughts
Anders
(Anders)
October 9, 2023, 4:20pm
2
I don’t think that is possible in RAW
SairamObili
(Sairam Reddy Obili)
October 10, 2023, 10:58am
3
Thanks Anders.
i have integrated my site with azure ad, i was doing some API calls and pulling some information using automation account but its going to MFA, is there a way to bypass it?
Anders
(Anders)
October 11, 2023, 7:52am
4
How have you done the auth? mod_auth_mellon ?
SairamObili
(Sairam Reddy Obili)
October 11, 2023, 8:03am
5
i m using mod_auth_mellon
@Glowsome is the community expert for mod_auth_mellon and might have some ideas.
1 Like
Glowsome
(Michael Honkoop)
October 11, 2023, 5:47pm
7
If your api-calls are also processed by mod_auth_mellon, it means they are either not excluded in the auth.conf in your site, or not defined.
Below is the part in a/the auth.conf that will decide to use mod_auth_mellon or local auth.
<If "! %{HTTP_COOKIE} =~ /auth_/ && \
! %{REQUEST_URI} = '/${SITE}/check_mk/register_agent.py' && \
! %{REQUEST_URI} = '/${SITE}/check_mk/webapi.py' && \
! %{REQUEST_URI} = '/${SITE}/check_mk/run_cron.py' && \
! %{REQUEST_URI} = '/${SITE}/check_mk/automation.py' && \
! %{REQUEST_URI} -strmatch '/${SITE}/check_mk/api/*' && \
! %{REQUEST_URI} = '/${SITE}/check_mk/deploy_agent.py' && \
! %{QUERY_STRING} =~ /(_secret=|auth_|register_agent)/ && \
! %{REQUEST_URI} =~ m#^/${SITE}/(omd/|check_mk/(images/.*\.png|login\.py|.*\.(css|js)))# && \
! %{REQUEST_URI} =~ m#^/${SITE}/(omd/|check_mk/(images/.*\.svg|login\.py|.*\.(css|js)))# ">
As you can see in this block there is an entry which will make sure the api falls outside of the mod_auth_mellon.
specifically:
! %{REQUEST_URI} -strmatch '/${SITE}/check_mk/api/*' && \
This was taken from my original How-To , where others also mentioned extending the condition-block after having noticed some were missing.
1 Like