SAML 2.0 with mod_auth_mellon - Roles & permissions

OK, so I have created my personal user manually in CheckMk and set up SAML authentication. This works so far: the SAML provider returns a response with my ID, some attributes, etc., and I'm logged in.

But I see some unexpected behaviour here:

  1. CheckMk does not care whether I enable the “Authenticate users by incoming HTTP requests” option. It still logs me in when this option is disabled. I think this is a bug.

  2. CheckMk does not care whether the user returned in the SAML response exists in CheckMk at all. It logs in anyone who is able to log in at the SAML provider, regardless of whether I have created that user in CheckMk or replicated it via LDAP. I'm then logged in as a user that seems to have read-only permissions, and when I try opening “Edit profile” it says that the user does not exist. I think the correct behaviour would be to only log in users that exist in CheckMk.

Regards,
Sven
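As an added illustration of the two points above (this is example code written for this page, not code from the original post and not Checkmk's own implementation), the snippet below contrasts the lenient behaviour the post describes with the stricter handling a practitioner would expect when an Apache module such as mod_auth_mellon passes the SAML-authenticated name to the application. It assumes the module exposes that name as `REMOTE_USER`, that the application keeps its own user store (a plain dict here), and that the result is returned as an enum rather than raised; the user names, roles and the `trust_http_auth` flag are all constructed for the example.

```python
"""Illustrative handling of a SAML-authenticated user name handed in by the
web server (the "authenticate users by incoming HTTP requests" pattern).

Assumptions made for this example (not taken from the post or from Checkmk):
  - the front-end auth module places the authenticated name in REMOTE_USER,
  - the application keeps its own user store, modelled as a dict,
  - `trust_http_auth` stands in for the option that enables the feature.
"""
from dataclasses import dataclass
from enum import Enum


class LoginResult(Enum):
    OK = "ok"
    FEATURE_DISABLED = "feature-disabled"  # option off: the header must be ignored
    NO_REMOTE_USER = "no-remote-user"      # no authenticated name to act on
    UNKNOWN_USER = "unknown-user"          # IdP vouched for a user we never created


@dataclass(frozen=True)
class Session:
    user_id: str
    roles: tuple


# Constructed local user store: users created by hand or replicated from LDAP.
LOCAL_USERS = {
    "sven": {"roles": ("admin",)},
    "alice": {"roles": ("user",)},
}


def login_lenient(environ, local_users, *, trust_http_auth):
    """The behaviour the post complains about: the option is not consulted,
    and a name missing from the local store still gets a default session
    (modelled here as a 'guest' role with no profile behind it)."""
    name = environ.get("REMOTE_USER")
    if not name:
        return LoginResult.NO_REMOTE_USER, None
    roles = local_users.get(name, {}).get("roles", ("guest",))
    return LoginResult.OK, Session(name, roles)


def login_strict(environ, local_users, *, trust_http_auth):
    """The expected behaviour: honour the header only when the option is on,
    and only create a session for a user that exists locally. Unknown names
    are rejected instead of being given an implicit read-only identity."""
    if not trust_http_auth:
        return LoginResult.FEATURE_DISABLED, None
    name = environ.get("REMOTE_USER")
    if not name:
        return LoginResult.NO_REMOTE_USER, None
    record = local_users.get(name)
    if record is None:
        return LoginResult.UNKNOWN_USER, None
    return LoginResult.OK, Session(name, tuple(record["roles"]))


if __name__ == "__main__":
    # Constructed request environments: one known user, one name the IdP
    # accepts but the application has never seen.
    for env in ({"REMOTE_USER": "sven"}, {"REMOTE_USER": "mallory"}):
        print(env, login_lenient(env, LOCAL_USERS, trust_http_auth=False))
        print(env, login_strict(env, LOCAL_USERS, trust_http_auth=True))
```

The point of the strict variant is that the SAML provider only asserts who the person is; whether that person is allowed into the application is a separate decision that the application must make against its own user store, and it must not make it at all while the feature is switched off.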