1 HTTP

Overview

HTTP or web server-based authentication (for example: BasicAuthentication, NTLM/Kerberos) can be used to check user names and passwords. Note that a user must exist in Zabbix as well, however its Zabbix password will not be used.

Be careful! Make sure that web server authentication is configured and works properly before switching it on.

Configuration

1 HTTP - 图1

Configuration parameters:

ParameterDescription
Enable HTTP authenticationMark the checkbox to enable HTTP authentication. Hovering the mouse over 1 HTTP - 图2 will bring up a hint box warning that in the case of web server authentication, all users (even with frontend access set to LDAP/Internal) will be authenticated by the web server, not by Zabbix.
Default login formSpecify whether to direct non-authenticated users to:
Zabbix login form - standard Zabbix login page.
HTTP login form - HTTP login page.
It is recommended to enable web-server based authentication for the indexhttp.php page only. If Default login form is set to ‘HTTP login page’ the user will be logged in automatically if web server authentication module will set valid user login in the $SERVER variable.
Supported $_SERVER keys are PHP_AUTH_USER, REMOTE_USER, AUTH_USER.
Remove domain nameA comma-delimited list of domain names that should be removed from the username.
E.g. comp,any - if username is ‘<a href=”https://www.zabbix.com/cdn-cgi/l/email-protection“ class=”__cf_email“ data-cfemail=”f1b0959c989fb1909f88”>[email protected]‘, ‘comp\Admin’, user will be logged in as ‘Admin’; if username is ‘notacompany\Admin’, login will be denied.
Case sensitive loginUnmark the checkbox to disable case-sensitive login (enabled by default) for usernames.
E.g. disable case-sensitive login and log in with, for example, ‘ADMIN’ user even if the Zabbix user is ‘Admin’.
Note that with case-sensitive login disabled the login will be denied if multiple users exist in Zabbix database with similar usernames (e.g. Admin, admin).

For internal users who are unable to log in using HTTP credentials (with HTTP login form set as default) leading to the 401 error, you may want to add a ErrorDocument 401 /index.php?form=default line to basic authentication directives, which will redirect to the regular Zabbix login form.