fyi…
4 Likes
ok… are you a checkmk user? did you use checkmk dashboards? if yes, how do you use it?
if you have a better solution, tell me 
if not, i don’t understand your comment…
I am not quite sure, why the forum software suggested this thread to me, but…
The blog by @dns_es dns_es is actually a longer and more detailed version, of how we explain this in our official user guide: Users, roles and permissions - Authorization and user configuration
Though I do understand @checknl’s interjection about not putting the password and username in the url. Though I would always say, that it depends very very much on where and how this is used. I would know a lot of situations, where I would be totally fine with this solution.
There is one more thing though, that might lessen the concern here. You can use the so-called Nagios macros in the URL to mask the username and password in the URL. There is a file in your Checkmk site called
~/nagios/resource.cfg
You can simply add lines there and use these macros in your URL then. Of course, you will then have the password in plaintext in that file, but hopefully not a lot of people have access to this on your Checkmk server, right?
Add this to the resource.cfg:
$kioskuserpassword$=mykioskuserpassword
Then use this macro in the URL:
https://mycmkserver/mysite/check_mk/login.py?_origtarget=/mysite/check_mk/dashboard.py?name=mydashboard&_username=mykioskuser&_password=%kioskuserpassword%&_login=1
2 Likes
Thanks for the flowers 
Your hints are very welcome thank you. I will give it a try and if it works i´ll update the blog post.
of course, yes
kind regards,
Dennis
hi Guys,
I used your manual and this thread to configure this in our Office and Display a Dashboard on a Monitor for everybody in the IT-Department.
Now i upgraded to CMK 2.2.0 and since than the autologin doenst work anymore.-
If you try to open the Dashboard via this link:
http://Server_IP/Instancename/check_mk/login.py?_origtarget=/Instancename/check_mk/dashboard.py?name=simple_problems_stw&_username=kioskuser&_password=kioskpassword&_login=1
(i replaced all interna like the name of the instace, credentials in this)
you get following message:
(MEthod not allowed)
The Credentials are filled in anyway and you can click on Login.
This leads to the desired Dashboard.
Any solution to this?
Thx in Advance
Regards
Gregor
Have you tried with an automation user?
The URL remains the same. Just replace _password with _secret .
3 Likes
Tried your advice: worked perfectly! thx for the hint.
I didnt try this way because in the past i wasnt able to get it running with a secret.
But now it works like a charme.
Thx for your fast reply
Same problem but for me not work, what can i do?
Can you give insight as to what is the response when you attempt this ?
-
are you using any form of federative authentication ( SAML/OIDC) to login to CMK ?
-
Glowsome
Under 2.1, this worked fine for me passing the _username and _password in the URL.
I upgraded to 2.2. I’m using LDAP for my auth. Using the same local user, I set a secret. When I use the URL constructed with _secret, I get the login form - no other errors or feedback.
Interestingly, if I pass an incorrect secret, I get the method not allowed error message instead of nothing.
Aaaand 2.2 broke iframes including it in a smashing dashboard with the content security policy modifications. CSP has changed so my additional conf file with CSP edits wasn’t working. Now I’m through that and back to trying to get the autologin working.
Well I can’t make it work. Passing credentials in the URL doesn’t work. And if I nest it in an iframe, I can’t do an interactive login. I’ve tried stripping out all of the CSP rules and that didn’t help.
I’m back to 2.1 and it all works again with my dashboard host added to the CSP.
hi,
same problems. with 2.1 it works, with 2.2 i get the message method not allowed
br
Hello, unfortunately same behaviour with our instance at version 2.2.0p16. We used a workaround where we set the idle timeout for a user to unlimited and interactively login once. But this isn’t really convenient. So if there’s any fix to this issue, please let me know. Thank you!
1 Like
In Checkmk 2.2, you have to now manually enable login using HTTP GET to avoid unintentional leakage of user credentials in Apache’s access logs. See this Manual enablement of login using HTTP GET to avoid unintentional leakage of user credentials in Apache's access logs and Users, roles and permissions - User and authorization configuration
Thanks a lot!! Your solution fixed this issue for us.
Hi @sebkir ,
i tried that with checkmk 2.1 and 2.2 now but was not able to auto login when setting the password as a nagios macro in resource.cfg.
Is there anything i need to be aware of ?
The auto login in the browser with the same values worked.