Table of Contents |
---|
In addition to that this manual: https://docs.checkmk.com/latest/en/wato_user.html#_automatic_login_via_the_url we will show you when to use which URL for an automatic login via URL
If your site apache Apache is secured by cookie based authentication
Code Block |
---|
OMD[multisite]:~$ omd config show MULTISITE_COOKIE_AUTH on |
the URL for autologin auto login needs to be set like this:
Code Block | ||||
---|---|---|---|---|
| ||||
http://localhost/test/check_mk/login.py?_origtarget=/test/check_mk/view.py?view_name=allhosts&_username=cmkadmin&_password=cmk&_login=1 |
If your site apache Apache is secured by basic auth, the URL for autologin auto login needs to be set like this:
...
The same procedure for Nagios views presenting in an Iframe!
Content Security Policy
Our content security policy by default prevents you from embedding Checkmk into other websites, because being run in arbitrary iframes can be a security problem.
A website can constrain in both sides. Which sites are allowed to be included and which sites are allowed to include us.
To solve this you can add a configuration file, e.g., `etc/apache/conf.d/zzz_iframe.conf` (It must be loaded after etc/apache/conf.d/security.conf) with the following content:
Code Block | ||||
---|---|---|---|---|
| ||||
<IfModule mod_headers.c>
Header always edit Content-Security-Policy "frame-ancestors 'self' ;" "frame-ancestors 'self' YOUR-SERVER:YOUR-PORT ;"
Header always unset X-Frame-Options
</IfModule> |
What it does is to change the frame-ancestors directive and add a YOUR-SERVER:YOUR-PORT host. (This needs to be changed to the target system). It leaves the remaining CSP header as is.
Be advised: We do not recommend doing this due to the security concerns.
Related articles
Filter by label (Content by label) | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...