Ad Widget

Collapse

Zabbix 5 (LTS) ans Server 2019 ADFS Configuration

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • JMAIV
    Junior Member
    • Oct 2016
    • 26
    #1

    Zabbix 5 (LTS) ans Server 2019 ADFS Configuration


    Hi All,

    We have migrated our Zabbix 3 server to a new Zabbix 5 server. because Zabbix 5 supports SAML, I figured I'd give it a go...
    Yet it seems to be a bit of a challange to me.

    my current config in Zabbix:


    Click image for larger version Name: Zabbix2_SAML.png Views: 0 Size: 36.4 KB ID: 428048

    the error message:


    Click image for larger version Name: Zabbix_SAML_Error.JPG Views: 819 Size: 14.1 KB ID: 428049

    I've tried several configurations. Altering the username attribute to just about anything. but i can't find a way to get it work.
    Any ssuggestions on how to debug this?

    thanks!!



    Tags: None
    • JMAIV
      Junior Member
      • Oct 2016
      • 26
      #2
      anyone with a spare minute or to?

        Comment

        • dhellstern
          Junior Member
          • Aug 2021
          • 6
          #3
          The SAML document returned by ADFS is missing an assertion containing the username (or it may have one, but with a different name). Make sure the ADFS server is adding an assertion containing the username, with a matching name in Zabbix. Then, try to capture a request and extract the SAML assertion, decode it (using something like CyberChef), and see what assertions it contains.

            Comment

            • emilien.henry
              Junior Member
              • Feb 2020
              • 1
              #4
              Hey,

              You should map UPN as exiting claim and Client ID (and the what you want for your active directory attribute) on AD FS.

              Use http://schemas.xmlsoap.org/ws/2005/0...ity/claims/upn as Username attribute in Zabbix.

                Comment

                • JMAIV
                  Junior Member
                  • Oct 2016
                  • 26
                  #5
                  thank you for your suggestions, sorry it's been a while. I will try this and report back.

                    Comment

                    Previous template Next
                    Working...