OK, that wasn't too hard after all.

Zabbix side:



Google side:



In addition to this, I copied the contents from the 'Certificate' section of the 'Download metadata' window (click the link from the menu on the left in the screenshot above) and pasted it into /user/share/zabbix/conf/certs/idp.crt

Hopefully the above is enough for anyone else who get stuck like I was. Please get in touch if you need more info on setting up the Google Workspace side.

Thx KentW.

Unfortunately, I didn't manage to connect using those settings, I keep getting an error message from Google, after account selection :

"Error: app_not_configured_for_user

Service is not configured for this user."

If I try the "Test SAML Login" from Google admin console I get another error message, but this time from Zabbix :

You are not logged in

• No permissions for system access.
• The response was received at http://zabbix.xxxxx.xx/index_sso.php instead of https://zabbix.xxxxx.xx/index_sso.php?acs

My setup is a Zabbix inside a docker, running on port 8080, and a reverse proxy outside the docker, managing the 443 port. I'm wondering if the problem is not related to this setup, but I have no clue how to tell zabbix his real url is https:// and not http://.


Would you have any more advice ? I'm stuck on this :-)

I have the same issue. When. I'm testing I got:

Error: not_a_saml_app

Provided application is not a SAML app

When I'm log off from Gmail account I'm getting:


Error: app_not_configured_for_user

Service is not configured for this user.

I have setup SAML as show on screens.

Hi KentW

I'm pretty much stucked in here...followed the instructions but have those errors...any guide where to look into?

Test from G-Suite
403. That’s an error.
Error: not_a_saml_app

Provided application is not a SAML app


From Zabbix SAML authentication
403. That’s an error.
Error: app_not_configured_for_user


Thanks!

Hi guys,

Just in case, this is how it was solved

1) It's very important to follow what KentW suggested: In addition to this, I copied the contents from the 'Certificate' section of the 'Download metadata' window (click the link from the menu on the left in the screenshot above) and pasted it into /user/share/zabbix/conf/certs/idp.crt, that is just copying the certificate that google shows and creating a file idp.crt and pasting that information on that route (at least at Ubuntu)
2) On the mapping, the attribute username has to match what the zabbix Username attribute, also checking the Sign: Assertions and the SP Identity ID is the url of the same zabbix whether you have as a name or ip











Then everything works great...just a final tip, log out from you google account when you test it on the browser, otherwise will prompt an error of permissions on Zabbix

Finally, you have to manually create the user on Zabbix Users, the password don't matter you can type whatever password and will still log in with the google account password, but it has to be created, otherwise it won't work. That is how you assign the role and permission to the user



For me at the beggining was like...ok but what if the user logs in with the google account and change the password locally, will the user log in without SAML? Well the answer is yes (so what's the point right?), but as a hint you can create a LDAP group pointing to nowhere and the user add it to that dummy group, then he still can change the password, but when trying to log in will prompt LDAP Group not working, and the only way the users can log in is with SAML




Hope it helps!

Best regards

hi,
I want to know
is it possible to use saml rcdev authentication with zabbix-server ??

what do you mean by rcdev authentication?

Hi guys! I'm having some issues making this work on Zabbix 5.4.10.

My Google SAML configuration looks like this:


My Zabbix SAML settings looks like this:


The error that I get is:


And I have created a Zabbix username using the Google User's email address as the username.

What am I missing here?

Thanks!


Edit:

The Google Certificate is located under /usr/share/zabbix/conf/certs/idp.crt

andyway85​ I am facing the below error on google saml
I am using zabbix 6.4 version on ubuntu 22.04 LTS.



Error: app_not_enabled_for_user

Service is not enabled for this user.

Request Details

• idpid=C023q4x14
• SAMLRequest=
• RelayState=https://zabbix.com/index_sso.php

Zabbix saml settings are:


Am i missing anything here?
​

I had the same issue but figured out that I was proxying through Nginx and was missing some settings in the zabbix.conf.

Referencing this documentation: Zabbix Documentation - Setting Up Identity Provider

This solved the issue for me!