Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 33 Current »

The automatic login via the URL in the browser described below has been disabled for security reasons since Checkmk 2.2.0, because the credentials (user name and password) passed via URL are stored in the log files of the site-specific Apache (see Werk #14261). If you want to use automatic login via the URL despite this security risk, you must explicitly enable this with the global setting Setup > General > Global settings > User interface > Enable login via GET requests.

Please refer to our Official Documentation for additional information.

LAST TESTED ON CHECKMK 2.1.0P1

Table of Contents

Access Checkmk view within an Iframe

If your site Apache is secured by cookie-based authentication

OMD[mysite]:~$ omd config show MULTISITE_COOKIE_AUTH
on


The URL for auto login needs to be set like this:

http://localhost/mysite/check_mk/login.py?_origtarget=/mysite/check_mk/view.py?view_name=allhosts&_username=cmkadmin&_password=cmk&_login=1

 

If your site Apache is secured by basic auth, the URL for auto login needs to be set like this:

http://cmkadmin:cmk@localhost/mysite/check_mk/view.py?view_name=allhosts


The same procedure for Nagios views presenting in an Iframe!

Debug HTTPS iframes

Problem

Since Werk #6774, it's not possible to use an HTTPS Iframe within Checkmk (this also affects nagvis). 

If you're considering doing this, please remember that this is a security issue and not supported by us. 

Determine the issue

You get the following broken page when opening an HTTPS Iframe within Checkmk.

Screenshot of broken page within an iFrame


For a more verbose error message, open the developer tools of the current browser, select the Header Console, and refresh the page. This is usually done with the F12 key:

Screenshot of broken page within an iFrame. Web inspector enabled with a section of the error message highlighted.


The browser also produces an error about the missing Content-Secuirty-Policy (CSP). Please keep in mind that many Software/Pages do not want to be integrated as an Iframe due to security settings.


  • No labels