Werk #14976: Add SAML Authentication to Checkmk UI
| Component | Setup, site management |
| Title | Add SAML Authentication to Checkmk UI |
| Date | Jan 31, 2023 |
| Checkmk Edition | Checkmk Enterprise (CEE) |
| Checkmk Version | 2.2.0b1 |
| Level | Trivial Change |
| Class | New Feature |
| Compatibility | Compatible - no manual interaction needed |
SAML authentication is now integrated with the Checkmk UI.
The initial feature set includes the following:
- Single sign-on (HTTP POST binding/front channel communication)
- Setup page to configure one or more SAML connections: Setup -> Users -> SAML Authentication
- Automatic user creation and user attribute synchronization at login time
- Signing of requests and signature verification of responses. Supported algorithms: SHA256, SHA384, SHA512
- Logging to $OMD_ROOT/var/log/web.log for administrative and debugging purposes
- Option to log in with username and password for non-SAML users (htpasswd/LDAP)
With this change, we also deprecate the previous SAML integration approach on Apache level based on mod_auth_mellon. Support will be dropped with Checkmk version 2.3.0. If you would still like to use this approach in version 2.3.0 and beyond, mod_auth_mellon will need to be installed.