Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add oauth2 web flow #953

Open
wants to merge 8 commits into
base: master
Choose a base branch
from
Open

Add oauth2 web flow #953

wants to merge 8 commits into from

Conversation

jabdoa2
Copy link
Contributor

@jabdoa2 jabdoa2 commented Jul 25, 2023

No description provided.

@HenriWahl
Copy link
Owner

As being on vacation the review will be a little bit delayed.

@jabdoa2
Copy link
Contributor Author

jabdoa2 commented Jul 30, 2023

As being on vacation the review will be a little bit delayed.

Dont worry. I will be on vacations as well.

@HenriWahl
Copy link
Owner

@jabdoa2 just tell me when you are finally done and I might review

@jabdoa2
Copy link
Contributor Author

jabdoa2 commented Aug 25, 2023

I have used it for a few weeks now and it works well. So ready for review :-).

@HenriWahl
Copy link
Owner

@jabdoa2 sorry for the late reply.

I do not fully understand in how far this is a server type?

@jabdoa2
Copy link
Contributor Author

jabdoa2 commented Sep 20, 2023

@jabdoa2 sorry for the late reply.

I do not fully understand in how far this is a server type?

This is a type of authentication. It works similar to: https://github.com/int128/kubelogin/blob/master/docs/credential-plugin-diagram.svg (from https://github.com/int128/kubelogin). This allows you to use almost any cooperate single-sign on solution (such a keycloak, google, azure, okta, facebook, github and may more). Also enables 2FA or PKI solutions.

I can show this to you if you like to see it in action. We can schedule a call if you like (i am GMT+2).

Looks like I accidentally included a bugfix for the notification server in this PR. I can rebase if that helps.

@HenriWahl
Copy link
Owner

Yes, this is why I am wondering. Maybe we'll find a better place to put that logic into, as the Servers directory is full of servers.

@HenriWahl
Copy link
Owner

I am going to test the functionality with local Keycloak setup.

@jabdoa2
Copy link
Contributor Author

jabdoa2 commented Oct 10, 2023

Let me know if you need any help with setting up a local keycloak. I guess you could also use the testground at https://openidconnect.net/ as a provider. For your Icingaweb (or any other web based solution) you need Apache with mod_auth_oidc (or any other similar extension) or nginx with an oidc extension.

@jan-kantert
Copy link

Is there anything I could help here?

@HenriWahl
Copy link
Owner

@jan-kantert can you test it? And as mentioned to @jabdoa2, I would not sort this functionality into Servers.

@matt-horwood-mayden
Copy link

Can I test this please? But I dont have the brains to build from source 😞

@matt-horwood-mayden
Copy link

Can I test this please? But I dont have the brains to build from source 😞

I have built this and my current config now doesnt work, get the below errors

QLayout: Attempting to add QLayout "" to StatusWindow "", which already has a layout
QLayout: Attempting to add QLayout "" to StatusWindow "", which already has a layout
QLayout: Attempting to add QLayout "" to StatusWindow "", which already has a layout
QLayout: Attempting to add QLayout "" to StatusWindow "", which already has a layout
QLayout: Attempting to add QLayout "" to StatusWindow "", which already has a layout

@mhzawadi
Copy link

I have a working keycloak setup and would love to test this out

@jabdoa2
Copy link
Contributor Author

jabdoa2 commented May 28, 2024

Can I test this please? But I dont have the brains to build from source 😞

I have built this and my current config now doesnt work, get the below errors

QLayout: Attempting to add QLayout "" to StatusWindow "", which already has a layout
QLayout: Attempting to add QLayout "" to StatusWindow "", which already has a layout
QLayout: Attempting to add QLayout "" to StatusWindow "", which already has a layout
QLayout: Attempting to add QLayout "" to StatusWindow "", which already has a layout
QLayout: Attempting to add QLayout "" to StatusWindow "", which already has a layout

When do you get that error? When nagstamon runs? When compiling?

@mhzawadi
Copy link

I get the error running nagstamon on the command line, it runs kind of fine from a compiled app. But it fails to get any data

@HenriWahl HenriWahl mentioned this pull request Sep 19, 2024
Open
@Fvbor
Copy link
Contributor

Fvbor commented Nov 15, 2024
edited
Loading

Hi @jabdoa2 @HenriWahl
I tested this the last days inkl. building/compiling.
Every build here was created in a Microsoft Sandbox on a Windows 10 Notebook.
For the test I didn´t wanted to create the build environment on my Notebook.
Python: 3.13.0 and 3.11.8
Innosetup 6.3.3
vs_BuildTools direct from the Installer from Microsoft

My results:
This PR here is based on nagstamon 3.13 which won´t start after building.
Version 3.12 from your Repo won´t start after building

After migrating the changes from this PR* into Nagstamon 3.14 or the newer Version 3.16.2 the build was successfull and nagstamon start up.
*: I looked into the changed files and pasted every changed line into the other code.
Checkmk with BasicAuth runs and I am able to select "OAuth2 Web Flow".

Nagstamon is not able to connect and throw in the GUI the error AttributeError: 'NoneType' object has no attribute 'get'
It will not open a Browser Window to Authenticate against EntraID
In the activated debug logs:

DEBUG: 2024-11-15 14:03:05.151834 checkmk Created server.
DEBUG: 2024-11-15 14:03:23.086398 checkmk SAML Created server.
DEBUG: 2024-11-15 14:03:23.136954 checkmk SAML FetchURL: https://checkmk.domain.local/monitoring/check_mk/view.py?view_name=nagstamon_hosts&output_format=python&lang=&limit=hard&is_host_acknowledged=-1&is_service_acknowledged=-1&is_host_notifications_enabled=-1&is_service_notifications_enabled=-1&is_host_active_checks_enabled=-1&is_service_active_checks_enabled=-1&host_scheduled_downtime_depth=-1&is_in_downtime=-1 CGI Data: None
ERROR: 2024-11-15 14:03:23.179792 checkmk SAML Traceback (most recent call last):
 File "Nagstamon\Servers\Generic.py", line 1510, in FetchURL
AttributeError: 'NoneType' object has no attribute 'get'

ERROR: 2024-11-15 14:03:23.179792 checkmk SAML Traceback (most recent call last):
 File "Nagstamon\Servers\Generic.py", line 1510, in FetchURL
AttributeError: 'NoneType' object has no attribute 'get'

This is this line:

Nagstamon/Nagstamon/Servers/Generic.py

Line 1498 in 5a37b6c

response = self.session.get(url, timeout=self.timeout, headers=headers)

After quitting and restarting Nagstamon he shows me the same error.
If I enter the settings and edit the Server the Authentication in the DropDown is set back to Basic. After Closing the Edit Server Menu without saving it is still set to oauth2 web flow. I can confirm this by checking the config file (and the error log)

But this is where my knowledge comes to an end.
I am happy to help and can test it with checkmk 2.2 and EntraID.

Relates to Issue #1048

Edit: I forget to mention another change, but that shouln´t have any impact for this.
I had to change the SetupIconFile to a hardcoded absoluth path in the nagstamon.iss.
So this line is SetupIconFile=C:\Users\WDAGUtilityAccount\Desktop\nagstamon\Nagstamon\resources\nagstamon.ico

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@jabdoa2 @HenriWahl @jan-kantert @matt-horwood-mayden @mhzawadi @Fvbor