How to add SSO (SAML) authentication

[axlmrlls]

Hi,

Thank you for maintaining this great project, I'm currently deploying Zabbix using this chart and would like to integrate SSO authentication via SAML with Azure AD Entra ID. However, I'm unsure about the best way to configure this, I have read the docs https://www.zabbix.com/documentation/current/en/manual/appendix/install/azure_ad, Does the chart already suppot SAML-based SSO, or would custom image and configuration be required?

[fibbs]

Yes, I have SAML based auth working, with Keycloak. Please also read Zabbix's official documentation on how to configure SAML for the certificates, the needed settings under Administration (Web UI URL), the needed settings in Authentication and such.

regarding the Helm-based installation, this is the portion of values.yaml for the zabbixWeb component:

zabbixWeb:
  enabled: true
  replicaCount: 2
  podAntiAffinity: true
  samlCertsSecretName: zabbix-web-samlcerts
  extraEnv:
    - name: ZBX_SSO_SETTINGS
      value: '{"baseurl": "https://zabbix.my-company.org"}'
    - name: ZBX_MEMORYLIMIT
      value: 512M

The relevant parts for SAML are:

• ZBX_SSO_SETTINGS env variable also referring to the Zabbix URL (not sure anymore why I needed this)
• samlCertsSecretName secret reference

The appropriate secret in my case (I am only using a certificate on the Zabbix side, no cert/key combination), this secret has one key: idp.crt which contains the base-64 encoded content of the (actually also base64-encoded, but with newlines) typically seen representation of the certificate needed for SAML on the "service provider"'s side.

That's it.

HTH

Christian