Icinga2 Web external authentication

I am running Icingaweb 2.6.3 and Icinga2 2.10.4

I am new to icinga

I am trying to use my apache web server to handle authentication which works

backend = external

But what I don’t fully understand is how do I setup the groups.ini and roles.ini to use the username based on the CN I am passing back from apache ? How do I define just a generic group to grant anyone authenticated read access


when you’re doing external authentication, you’ll need to set the REMOTE_USER environment variable. E.g. with basic auth in Apache, this is set automatically.

Based on that variable value, you’ll specify group memberships in Icinga Web 2, and assign these users/groups into the roles for permissions. Similar to what’s done already with the icingaadmin user from the setup wizard, this belongs to the Administrators group by default.