I would like to implement a SSO authentication system in front of my future Icinga2 infrastructure.
After reading the documentation, it will be fine for the Icinga2 API. As the API is under /v1, I’ll whitelist this path in my SSO configuration so I can continue to use the ApiUser objects
But for Icinga Director, the documentation says: “Most URLs you can access with your browser will also act as valid REST url endpoints.”. And the authentication is based on user account of Icinga Web 2.
So I cannot whitelist the URLs of Director in my SSO configuration, because it will break the SSO for real user.
Is there any possibility to configure the Director API with a prefix?
Do not hesitate to request more details if my post is not obvious
Thanks for reading.