We use SSO (EntraID) with our Zabbix environment.
The behavior we're used to seeing from an SSO-enabled application is when an SSO session is ended (manually via a logout button OR automatically via session time limit), the user can no longer access any other services/websites.
When ending the SSO session via any means other than the Sign Out button in Zabbix, the Zabbix session remains active.
Zabbix seems to authenticate once & then rely on the session cookie for continued access.
Per documentation (and looking at the cookie), the Zabbix session cookie only expires on browser session end.
Aside from the auto-logout setting, is there any way we might be able to control SSO user access more effectively?
Is it somehow possible to add an expiration to the session cookie?
Am I missing something or not understanding things correctly?
Thank you.
Cookie reference: https://www.zabbix.com/documentation...erface/cookies
Zabbix Version: 7.0.16
Operating System: RHEL 9.6