Page MenuHomePhabricator
Create Task
Maniphest T245743

Icinga check for CAS-protected web services
Closed, ResolvedPublic
Actions

Description

We currently have a few web services behind LDAP auth which deploy an Icinga check whether the endpoint is protected by LDAP (implemented via the check_https_unauthorized Icinga check which checks for a 401 response).

We should create a similar Icinga check CAS-projected end points, it could e.g. that accessing the protected endpoint triggers an 301 TLS redirect to the IDP login page.

This could be added via a dedicated profile (which in turn could be added to profile::idp::client::http, so that the check is added by default).

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
profile::idp::client::httpd: add check for sso redirectoperations/puppetproduction+21 -1
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT233921 Further steps for CAS/web SSO
 ResolvedjbondT245743 Icinga check for CAS-protected web services

Event Timeline

MoritzMuehlenhoff created this task.Feb 20 2020, 2:37 PM
chasemp triaged this task as Medium priority.Feb 20 2020, 3:47 PM
chasemp moved this task from Incoming to Watching on the Security-Team board.
gerritbot added a comment.Mar 24 2020, 2:01 PM

Change 583078 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] profile::idp::client::httpd: add check for sso redirect

https://gerrit.wikimedia.org/r/583078

gerritbot added a project: Patch-For-Review.Mar 24 2020, 2:01 PM
jbond moved this task from Unsorted 💣 to Active 🚁 on the User-jbond board.Mar 24 2020, 2:51 PM
gerritbot added a comment.Mar 26 2020, 2:09 PM

Change 583078 merged by Jbond:
[operations/puppet@production] profile::idp::client::httpd: add check for sso redirect

https://gerrit.wikimedia.org/r/583078

Maintenance_bot removed a project: Patch-For-Review.Mar 26 2020, 2:10 PM
MoritzMuehlenhoff added a project: CAS-SSO.May 6 2020, 11:22 AM
jbond closed this task as Resolved.May 26 2020, 9:28 AM
jbond claimed this task.

This is now in place, resolving

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits