I am trying to use my apache web server to handle authentication which works
[autologin]
backend = external
But what I don’t fully understand is how do I setup the groups.ini and roles.ini to use the username based on the CN I am passing back from apache ? How do I define just a generic group to grant anyone authenticated read access
when you’re doing external authentication, you’ll need to set the REMOTE_USER environment variable. E.g. with basic auth in Apache, this is set automatically.
Based on that variable value, you’ll specify group memberships in Icinga Web 2, and assign these users/groups into the roles for permissions. Similar to what’s done already with the icingaadmin user from the setup wizard, this belongs to the Administrators group by default.