Werk #14976: Add SAML authentication to Checkmk UI

Component Setup, site management
Title Add SAML authentication to Checkmk UI
Date Jan 31, 2023
Level Trivial Change
Class New Feature
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
2.2.0b1
Not yet released
Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.2.0b1
Not yet released
Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.2.0b1 Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)

SAML authentication is now integrated with the Checkmk UI.

The initial feature set includes the following:

  • Single sign-on (HTTP POST binding/front channel communication)
  • Setup page to configure one or more SAML connections: Setup -> Users -> SAML authentication
  • Automatic user creation and user attribute synchronization at login time
  • Signing of requests and signature verification of responses. Supported algorithms: SHA256, SHA384, SHA512
  • Logging to $OMD_ROOT/var/log/web.log for administrative and debugging purposes
  • Option to log in with username and password for non-SAML users (htpasswd/LDAP)

With this change, we also deprecate the previous SAML integration approach on Apache level based on mod_auth_mellon. Support will be dropped with Checkmk version 2.3.0. If you would still like to use this approach in version 2.3.0 and beyond, mod_auth_mellon will need to be installed.

To the list of all Werks