CMK version: Checkmk Raw Edition 2.2.0p8
OS version:
SUSE 15 SP3
Error message:
Output of “cmk --debug -vvn hostname”: (If it is a problem with checks or plugins)
Hi All,
I would like manage my site with both localadmin and azure ad authentication? Is it possible to do it? Please share your thoughts
I don’t think that is possible in RAW
Thanks Anders.
i have integrated my site with azure ad, i was doing some API calls and pulling some information using automation account but its going to MFA, is there a way to bypass it?
How have you done the auth? mod_auth_mellon ?
i m using mod_auth_mellon
If your api-calls are also processed by mod_auth_mellon, it means they are either not excluded in the auth.conf in your site, or not defined.
Below is the part in a/the auth.conf that will decide to use mod_auth_mellon or local auth.
<If "! %{HTTP_COOKIE} =~ /auth_/ && \
! %{REQUEST_URI} = '/${SITE}/check_mk/register_agent.py' && \
! %{REQUEST_URI} = '/${SITE}/check_mk/webapi.py' && \
! %{REQUEST_URI} = '/${SITE}/check_mk/run_cron.py' && \
! %{REQUEST_URI} = '/${SITE}/check_mk/automation.py' && \
! %{REQUEST_URI} -strmatch '/${SITE}/check_mk/api/*' && \
! %{REQUEST_URI} = '/${SITE}/check_mk/deploy_agent.py' && \
! %{QUERY_STRING} =~ /(_secret=|auth_|register_agent)/ && \
! %{REQUEST_URI} =~ m#^/${SITE}/(omd/|check_mk/(images/.*\.png|login\.py|.*\.(css|js)))# && \
! %{REQUEST_URI} =~ m#^/${SITE}/(omd/|check_mk/(images/.*\.svg|login\.py|.*\.(css|js)))# ">
As you can see in this block there is an entry which will make sure the api falls outside of the mod_auth_mellon.
specifically:
! %{REQUEST_URI} -strmatch '/${SITE}/check_mk/api/*' && \
This was taken from my original How-To, where others also mentioned extending the condition-block after having noticed some were missing.