我正在尝试使用Keycloack在zabbix中设置条目。 我的设置如下:
keycloak-gatekeeper配置有client_id,client_secret等,以对Keycloak的用户进行身份验证; Apache上的Zabbix仪表板,默认设置:我启用HTTP身份验证。
它配置了网守
client-id: zabbix_tst
client-secret: f2d8a52c-ebca-4fdb-85b7-36b203a75h54
discovery-url: http://host2:63665/auth/realms/demo
enable-default-deny: true
enable-logout-redirect: true
enable-logging: true
listen: 0.0.0.0:4180
redirection-url: http://host1:62236
upstream-url: http://127.0.0.1:62237
secure-cookie: false
enable-authorization-header: true
#enable-refresh-tokens: true
enable-session-cookies: true
scopes:
- data
- email
add-claims:
- name
- email
- given_name
网守的Nginx配置
server {
listen 62236;
root / ;
access_log /var/log/nginx/kc.access.log;
server_name keycloak;
index index.html;
location / {
proxy_pass http://127.0.0.1:4180;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Scheme http;
proxy_set_header X-Scheme http;
#proxy_redirect off;
}
location /oauth/callback {
proxy_pass http://127.0.0.1:4180;
#proxy_set_header X-Auth-Name $email;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Scheme http;
proxy_set_header X-Scheme http;
}
location /oauth/authorize {
proxy_pass http://127.0.0.1:4180;
proxy_set_header X-Auth-Name $request_uri;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Scheme http;
proxy_set_header X-Scheme https;
}
}
我获得了授权表格并重定向到zabbix,但始终会出错,因为我没有在zabbix中得到授权。
我在做什么错了?
答案 0 :(得分:0)
您必须将PHP_AUTH_USER(或REMOTE_USER或AUTH_USER)请求标头变量传递给Zabbix。恕我直言,最好的选择是Apache-Zabbix HTTP authentication with Keycloak-proxy