SAML Authentication Enterprise Version

Hello everyone,

We want to set up an SSO in Checkmk. I then came across the SAML Auth. But it only explains how it works with Azure AD. But we have an AD on premises or an ADFS server.

In addition, the instructions refer to the RAW Checkmk Edition but not to the Enterprise.

The web interface requires an XML from Identity Provider, where we have generated and stored the metadata XML file from our ADFS server. Now we need such an XML file on the Checkmk side so that we can provide it to our ADFS server or the complete server URL where this metadata XML is located.

My question is how do we have to proceed with the SSO setup for Enterprise Edition and are we already on the right track with the XML files? And how do I create such a Metadata XML file so that I can enter it into ADFS and establish the connection?

Best regards,
Enrico

Chapter 1-3 is about the Checkmk Enterprise.
Chapter 4 about Raw.

I have Checkmk and ADFS in my homelab working, it was quite easy to set up (but the Checkmk guide is not great as it assumed you will run ADFS with RAW).

I’d talk to your ADFS team, you should be able to figure this out together.

Hello Mr. Hrischvogel,
Chapters 1-3 explain it with Azure AD but we are not in the cloud and operate an AD on premise.
We have now entered the complete FQDN in the Checkmk server URL, uploaded the XML file to the identity provider and at the bottom in the ‘Users’ section we have entered ‘sAMAccountName’ in the Users ID attribute field. After saving, ‘Entity ID, Metadata endpoint and Assertion Consumer Service endpoint’ were automatically generated. Which ones do I have to enter in my ADFS server now? And can you perhaps give me some tips on what else we have to enter in the lower “Users” area, because there are still some options to choose from, such as Contact Groups or Roles.

Best regards,
Enrico

Hey Enrico,

Sorry, I can’t give hands-on support here. Can only point you to some resources, e.g. https://www.youtube.com/watch?v=UMs2JTAphV8 where my colleague Sudhir shows how he sets it up in Azure AD in detail. That might give you insights on what to enter in the fields, because these steps are typically the same.
For any detailed stuff → support @ Checkmk or a partner or hope for someone in the community 🙂

Cheers, Martin
