Zabbix

Use Hanzo IAM as the SAML IdP for Zabbix SSO.

Zabbix acts as the SAML Service Provider (SP) and Hanzo IAM as the Identity Provider (IdP). They use SAML 2.0 for single sign-on (SSO) into Zabbix.

Step 1: Deploy Hanzo IAM and Zabbix

Deploy Hanzo IAM and Zabbix. Ensure both are running and you can sign in to each.

Step 2: Adding Certificates

To secure SAML communication, configure certificates between Zabbix and Hanzo IAM. Store private keys and certificates in the /etc/zabbix/conf/certs/ directory, unless a custom path is set in zabbix.conf.php.

By default, the zabbix-web-nginx-mysql Docker container looks for the following files:

  • /etc/zabbix/conf/certs/sp.key - SP private key file
  • /etc/zabbix/conf/certs/sp.crt - SP certificate file
  • /etc/zabbix/conf/certs/idp.crt - IdP certificate file

Creating certificates in Hanzo IAM: Log in to the Hanzo IAM management interface and follow the system prompts to create two certificates. These two certificates will be used for communication encryption between Zabbix and Hanzo IAM.


Copying certificates and private keys: Copy the certificate and private key to /etc/zabbix/conf/certs. With Docker, mount the local certificate files into the container.

Step 3: Configuring Zabbix

Zabbix requires three fields for SAML configuration: Single Sign-On, Issuer, and Public Certificate.

Log in to the Zabbix management interface, then go to User -> Authentication -> SAML settings.


Configure Zabbix according to the SAML metadata in the Hanzo IAM configuration:

  • IdP entity ID (Issuer): Corresponds to entityID="http://localhost:8000". This value is the entity ID of Hanzo IAM, and Zabbix uses it to identify Hanzo IAM when communicating with it.
  • SSO service URL: Corresponds to Location="http://localhost:8000/api/saml/redirect/admin/zabbix". This is the URL of the SSO service provided by Hanzo IAM. When a user initiates an SSO request in Zabbix, they are redirected to this URL for authentication.
  • Username attribute: The SAML attribute used as the username when logging in to Zabbix. Here, Name is used, so Zabbix takes the Name attribute in the SAML assertion as the user's login name.
  • SP entity ID: A unique SP ID that can be set arbitrarily. This ID is used to identify the Zabbix service provider and needs to be consistent with the configuration in Hanzo IAM.
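
The mapping above can be read directly from the IdP metadata. The following is an added example, not code from Hanzo IAM or Zabbix: it parses a constructed metadata sample in the standard SAML 2.0 layout and returns the IdP entity ID, the HTTP-Redirect SSO service URL and the signing certificate as PEM text for idp.crt, with a warning when the SSO URL is not HTTPS. The function name zabbix_saml_fields is hypothetical, and the certificate body in the sample is a placeholder.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample in standard SAML 2.0 metadata layout. entityID and Location
# are the values shown on this page; the certificate body is a placeholder.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://localhost:8000">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDERBASE64CERTBODY</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://localhost:8000/api/saml/redirect/admin/zabbix"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def zabbix_saml_fields(metadata_xml):
    """Return the Zabbix SAML settings implied by IdP metadata, plus warnings."""
    root = ET.fromstring(metadata_xml)  # assumes metadata from your own, trusted IdP
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
           if s.get("Binding") == REDIRECT]
    if not sso:
        raise ValueError("no HTTP-Redirect SingleSignOnService endpoint")
    # A KeyDescriptor without a 'use' attribute is valid for signing too.
    certs = [c.text for k in idp.findall("md:KeyDescriptor", NS)
             if k.get("use") in (None, "signing")
             for c in k.findall(".//ds:X509Certificate", NS) if c.text]
    if not certs:
        raise ValueError("no signing certificate: assertions could not be verified")
    b64 = "".join(certs[0].split())
    pem = "\n".join(["-----BEGIN CERTIFICATE-----",
                     *(b64[i:i + 64] for i in range(0, len(b64), 64)),
                     "-----END CERTIFICATE-----", ""])
    warnings = []
    if urlparse(sso[0]).scheme != "https":
        warnings.append("SSO service URL is not HTTPS; acceptable only for a local test")
    if len(certs) > 1:
        warnings.append("multiple signing certificates; idp.crt holds only the first")
    return {"idp_entity_id": root.get("entityID"), "sso_service_url": sso[0],
            "idp_crt_pem": pem, "warnings": warnings}


if __name__ == "__main__":
    for key, value in zabbix_saml_fields(SAMPLE_METADATA).items():
        print(f"{key}: {value}")
```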

Step 4: Configuring Hanzo IAM

Configure the following in Hanzo IAM so that the integration with Zabbix works.

Editing Name and Logo: Log in to the Hanzo IAM management interface, find the relevant settings, and edit the application's name and logo for better presentation to users.


Selecting a Certificate: In Hanzo IAM, select zabbix_idp as the certificate for signing and encrypting SAML messages to ensure communication security.


Redirect URL: Enter the value that identifies your SP (Zabbix). In Zabbix this may be called Audience or Entity ID. It must match the SP entity ID in Zabbix or SSO will fail.


Reply URL: Enter the URL of the ACS (Assertion Consumer Service) for validating SAML responses. This URL is the address where Zabbix receives SAML assertions sent by Hanzo IAM.


Step 5: Creating a Zabbix User

Create a test user in Zabbix to verify SSO.

  1. Log in to the Zabbix management interface and find the user management module.
  2. Create a user (e.g. username test).


Step 6: Creating a Hanzo IAM User

Add a user in Hanzo IAM with the same username as the one set in Zabbix.

  1. Log in to the Hanzo IAM management interface and find the user management module.
  2. Add a new user with the same username as the one created in Zabbix.
  3. Select Zabbix and enter the user's email address.


Step 7: Zabbix Login Process

After completing the above steps, test SSO.

Open a browser and visit localhost/index.php.


Click Sign in with Single Sign-On (SAML).

You are redirected to Hanzo IAM; enter username and password to log in.


On successful login, you are redirected back to https://localhost:8080/zabbix.index.php; SSO is then confirmed.


After completing these steps, Zabbix and Hanzo IAM are integrated for SSO. For issues, see the relevant docs or community forums.
