Sign in to follow this  
Purnadi K

Internal Web Service Check with redirected authentication

Recommended Posts

Note: As of the publication of this article, collector 25.000 is a GD (optional general release), which means this article will be obsolete as version goes forward.

In the past 2-3 months I had two cases whereby error occurred when an Internal Service Check of a website is authenticated with NTLM using ADFS. That error seemed odd with a message of: 

Quote

The website requires client-side authentication

or in the detailed response, it can be seen as:

<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>

regardless whether the credentials (username,password) set in the Service Check configuration are correct. error_auth.thumb.png.d58dad9527f901c2630dc13b79eaefe4.png

Based on the design by Product & Development team, previous collector version (before 24.300), the error is "normal" due to the fact that the URL of the request origin is different from authentication URL, which in this case is ADFS URL and the collector does not pass the credentials to the authentication server which makes the process fails.

Fortunately with the arrival of version 25.000, this all has been changed so redirected authentication will be supported as explained in this document:

Quote
  • Support for NTLM proxy authentication for Internal Service checks.

(see "General Deployment Collector - 25.0")

It is evident with my little test that you may also see in the screenvideo below:

auth_redirection_coll25000.thumb.gif.7ccfd6c14ee192ef11f2eeec0a9bcdc4.gif

 

 

The following is additional screenshots of the location in IIS (which I used for my test) to configure the HTTP redirection:

http-redirect_setup.thumb.png.6dafeac295bb2a0fe766b2a62c7a84ad.png    url_redirection.thumb.png.ee695fbef0d3fec3686aa30277d3ec1f.png

Here is just a preview about website authentication in a browser:

auth_redirection.gif.c19b4bd160045320017bdb8ffe42cc57.gif

 

Edited by Purnadi K

Share this post


Link to post
Share on other sites
Guest
You are commenting as a guest. If you have an account, please sign in.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this