Ad Widget

**Alex.S** · 26-10-2017, 09:58

Hi Ming Li,

Welcome to the forum!

There are no fixed plans for adding Keycloak to Zabbix at this stage, but we are open to suggestions

Is this enhancement something you've already done yourself, or more of a desired functionality you want to us to implement? In case of the latter, please drop me a line to sales @ zabbix.com to discuss it in more detail.

Cheers,

Alex.

**Ming Li** · 26-10-2017, 10:02

Alex,

We want to develop ourselves. I want to consult how we can contribute our enhancements into Zabbix.

Ming Li

**Alex.S** · 26-10-2017, 10:40

Gotcha! Well, the easiest way would be to share your enhancement here: https://share.zabbix.com/

**Alex.S** · 26-10-2017, 10:45

Question though, do you specifically need Keycloak as SSO or would you consider other options too?

**jan.garaj** · 26-10-2017, 21:40

Keycloak is just an identity provider (IDP). In the theory, any IDP (Google, Facebook, ...) can be used for the authentification.

IMHO it's already easy to use Keycloak (or any IDP) for Zabbix authentication. Just add properly configured keycloak-proxy in front of Zabbix frontend.
Zabbix authorization (!= authentication) is a problem because that one will need Zabbix code change (for example JWT support).

**zhiyuan** · 17-07-2018, 08:45

hi, Alex and Jan,
we complete the zabbix-integrate with keycloak.
Is there a simple/quick way to post my code for your review?
Abstract for our solution:
1. Package the authentication-relevant-php-files as a RPM (: named zabbix-keycloak-plugins)
2. install zabbix-keycloak-plugins after zabbix-official rpms
3. USER request zabbix
4. zabbix-redirect User to keycloak server
5. Keycloak AUTH ok, return "code" and "state" to zabbix
6. zabbix exchange JWT token from keycloak with "code" and "state"
7. zabbix store JWT token into DB and parse JWT Token.
8. Based on Parsed JWT token, zabbix build the authentication Array (:The Array, zabbix used for INTERNAL authentication method)
9. USER access Zabbix...
The picture show the simple UI from USERs perspective.

So, ask again,
Is there a simple/quick way to post my code for your review? (Only SVN procedure?)

**dimir** · 17-07-2018, 14:21

Thank you. The corresponding ZBXNEXT was created by zhiyuan : https://support.zabbix.com/browse/ZBXNEXT-4640

**zhiyuan** · 18-07-2018, 09:23

hi，zabbix official:
Can you give me the guide to do this contribute-back action?

**kloczek** · 18-07-2018, 09:57

According to Keycloak documentation it can integrate underneath LDAP. If Keycloak will be using as backend storage LDAP you don't need to use straight Keycloak and nothing in zabbix needs to be adapted.
Just check is your setup is using LDAP as backlend storage.

**zhiyuan** · 20-07-2018, 03:30

Hi, upload this feature to https://share.zabbix.com/ is ok for review by you ?

**mikco** · 09-07-2019, 16:49

Hi...... imposible to run in zabbix 4.2.x, any idea?

**Mechanix** · 26-09-2019, 18:17

Our company also has a demand to integrate sso. Any plans to have this feature (officially) integrated in zabbix? Thanks

Ad Widget

Zabbix has plan to integrate Keycloak as SSO

Zabbix has plan to integrate Keycloak as SSO

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment