Ad Widget

Collapse

nginx sso asks an authorization

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • sbardeev
    Junior Member
    • Nov 2022
    • 8
    #1

    nginx sso asks an authorization

    Hi all!

    I was configured an SSO with spnego-http-auth-nginx-module on NGINX, authorization is successful. But web console every new session asks authorization.
    No errors in Windows Security Log. Where in zabbix, nginx or other logs I can see for errors?
    Tags: None
    • Markku
      Senior Member
      Zabbix Certified SpecialistZabbix Certified ProfessionalZabbix Certified Expert
      • Sep 2018
      • 1781
      #2
      Can you show us a screenshot about the problem? At least I don't have any idea what is an authorization in a browser in this case.

      Markku

        Comment

        • lisa
          Junior Member
          • Aug 2022
          • 2
          #3
          Hello, I have same problem with SSO nginx. In the nginx configuration, I specify a parameter that disables basic web authentication, but it doesn't work. How to disable it in the nginx settings?


          nginx version: 1.18

          My default.conf:

          server {
          access_log /var/log/nginx/zabbix_access.log;
          error_log /var/log/nginx/zabbix_error.log;

          listen 80;
          listen 443 ssl;
          server_name server.zabbix.com;

          ssl_certificate /etc/nginx/ssl/cert.crt;
          ssl_certificate_key /etc/nginx/ssl/key.key;

          if ($scheme != "https") {
          return 301 https://$host$request_uri;
          }

          root /usr/share/zabbix;

          index index.php;

          error_page 401 /index.php?form=default;

          location = /favicon.ico {
          log_not_found off;
          }

          location / {
          auth_basic off;
          allow all;
          try_files $uri $uri/ =404;
          }

          location /assets {
          access_log off;
          expires 10d;
          }

          location ~ /\.ht {
          deny all;
          }

          location ~ /(api\/|conf[^\.]|include|locale) {
          deny all;
          return 404;
          }

          location /vendor {
          deny all;
          return 404;
          }


          location /api_jsonrpc.php {
          allow all;
          }

          location ~ [^/]\.php(/|$) {
          auth_basic off;
          allow all;
          fastcgi_pass unix:/var/run/php/zabbix.sock;
          fastcgi_split_path_info ^(.+\.php)(/.+)$;
          fastcgi_index index.php;

          fastcgi_param DOCUMENT_ROOT /usr/share/zabbix;
          fastcgi_param SCRIPT_FILENAME /usr/share/zabbix$fastcgi_script_name;
          fastcgi_param PATH_TRANSLATED /usr/share/zabbix$fastcgi_script_name;


          include fastcgi_params;
          fastcgi_param QUERY_STRING $query_string;
          fastcgi_param REQUEST_METHOD $request_method;
          fastcgi_param CONTENT_TYPE $content_type;
          fastcgi_param CONTENT_LENGTH $content_length;

          fastcgi_intercept_errors on;
          fastcgi_ignore_client_abort off;
          fastcgi_connect_timeout 60;
          fastcgi_send_timeout 180;
          fastcgi_read_timeout 180;
          fastcgi_buffer_size 128k;
          fastcgi_buffers 4 256k;
          fastcgi_busy_buffers_size 256k;
          fastcgi_temp_file_write_size 256k;
          }

          auth_gss on;
          auth_gss_realm ZABBIX.COM;
          auth_gss_keytab /etc/nginx/auth.keytab;
          auth_gss_service_name HTTP/server.zabbix.com;
          auth_gss_allow_basic_fallback on;
          proxy_set_header Authorization "";
          }


          Last edited by lisa; 19-04-2023, 10:27. Reason: Wrong Screenshot

            Comment

            • lisa
              Junior Member
              • Aug 2022
              • 2
              #4
              Click image for larger version Name: image.png Views: 245 Size: 18.2 KB ID: 463342

              screenshot with problem

                Comment

                Previous template Next
                Working...