Ad Widget

**jbanner6736** · 28-05-2020, 20:59

I managed to fix this myself, turns out via JIRA, Zabbix doesn't natively have a metadata url nor does it have a service provider metadata file which is odd being SAML and is how SAML works :/

Step1: Created Metadata

Code:

<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor entityID="https://monitor.example.edu" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://monitor.example.edu/index_sso.php?acs" index="0" />
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://monitor.example.edu/index_sso.php?sls" />
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
    </SPSSODescriptor>
   <Organization>
      <OrganizationName xml:lang="en">Your Organization Name</OrganizationName>
      <OrganizationDisplayName xml:lang="en">Zabbix Network Monitor</OrganizationDisplayName>
      <OrganizationURL xml:lang="en">http://monitor.example.edu/</OrganizationURL>
   </Organization>
   <ContactPerson contactType="administrative">
      <GivenName>System Administrator</GivenName>
      <EmailAddress>[email protected]</EmailAddress>
   </ContactPerson>
   <ContactPerson contactType="support">
      <GivenName>Tech Support</GivenName>
      <EmailAddress>[email protected]</EmailAddress>
   </ContactPerson>
</EntityDescriptor>

Step 2: Added Alias under DocumentRoot tag in Apache to Metadata file on Zabbix Server that is placed at /var/www/html

Code:

Alias "/zabbix-metadata.xml" "/var/www/html/zabbix-metadata.xml"

Badda bing, Zabbix now has a service provider metadata url. Adding Zabbix as a relying party to ADFS or Shibboleth is easy peasy.

**Gblaze56** · 19-12-2020, 21:28

Originally posted by jbanner6736

I managed to fix this myself, turns out via JIRA, Zabbix doesn't natively have a metadata url nor does it have a service provider metadata file which is odd being SAML and is how SAML works :/

Step1: Created Metadata

Code:

<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor entityID="https://monitor.example.edu" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://monitor.example.edu/index_sso.php?acs" index="0" />
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://monitor.example.edu/index_sso.php?sls" />
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
</SPSSODescriptor>
<Organization>
<OrganizationName xml:lang="en">Your Organization Name</OrganizationName>
<OrganizationDisplayName xml:lang="en">Zabbix Network Monitor</OrganizationDisplayName>
<OrganizationURL xml:lang="en">http://monitor.example.edu/</OrganizationURL>
</Organization>
<ContactPerson contactType="administrative">
<GivenName>System Administrator</GivenName>
<EmailAddress>[email protected]</EmailAddress>
</ContactPerson>
<ContactPerson contactType="support">
<GivenName>Tech Support</GivenName>
<EmailAddress>[email protected]</EmailAddress>
</ContactPerson>
</EntityDescriptor>

Step 2: Added Alias under DocumentRoot tag in Apache to Metadata file on Zabbix Server that is placed at /var/www/html

Code:

Alias "/zabbix-metadata.xml" "/var/www/html/zabbix-metadata.xml"

Badda bing, Zabbix now has a service provider metadata url. Adding Zabbix as a relying party to ADFS or Shibboleth is easy peasy.

Thanks Jbanner! Looks very helpful, in ubuntu where is the DocumentRoot for zabbix? I've tried Grepping and can't really find it

update: through trial and error I found it in /etc/apache2/sites-available/000-default.conf

Ad Widget

Zabbix SAML Meatdata URL

Zabbix SAML Meatdata URL

Comment

Comment