AUTH in Icingaweb2

I’m looking to use CAS for Auth into Icinga web 2. My question is, how would I configure the users / access level in the app. Would i have to manually add them into groups in the UI ?

I am asking this because when I configure CAS, I configured Icinga backend as external and then the rest of mod_auth_cas as required by our environment

<Location "/">
  Order allow,deny
  Deny from all
  AuthType CAS
  AuthName "name"
##  CASAuthNHeader On
  Require cas-attribute "affiliation:affil"
##  Require valid-user
  Satisfy Any
  SetHandler None

but then after auth I get dropped here

/*! Icinga Web 2 | (c) 2014 Icinga Development Team | GPLv2+ */

require_once '/usr/share/php/Icinga/Application/webrouter.php';

this is what would typically be a beautiful Icinga dashbard :slight_smile:

Any help would be appreciated.

I modifed my to include /icingaweb2 and now it seems to be working better.

It now drops me at the icinga login page and tells me i’ve configured no auth sources and the ini does not exist. If I revert back to DB auth. all works just fine.

So, the question is, How can I get CAS auth working in Icingaweb2, I have it working in Nagios

I am officially stuck.

I can’t help you CAS, don’t have any experience with it, though Icinga Web 2’s external authentication only requires one of two environment variables being set (REMOTE_USER or REDIRECT_REMOTE_USER).

The server module should maintain one of those environment variables and populate it with the username that should be used in Icinga Web 2.

Thank you for the response. I was able to get it working. the CAS module was configured to disable content handling. This prevented php-fpm from getting the proxy or anything like that.

Thank you.

Should I start a new thread for this? I could probably seaerch but i am actively typing. :slight_smile:

How do I handle roles and groups for users that auth via this method?

I was able to figure it out.

Just add the user to a group, no need to add them locally.

Thank you very much for the attempted help while I get my bearings.

This can be closed, if that’s a thing here.