ID: 15262
Title: mk_postgres.py: Improved instance process detection
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
This werk affects the monitoring of one or more PostgreSQL instances via the Postgres agent plugin for Linux. The changes to the process filtering introduced in werk #15085 could lead to an empty "postgres_instances" section if the instance name contained capital letters.
Now, a case-sensitive filter is applied first, allowing case-insensitive filtering only if no processes could be found.
In order to apply this change you will need to reinstall the agent plugin.
ID: 15214
Title: rest_api: aux_tag creation/updating could set the title to None
Component: REST API
Level: 1
Class: Bug fix
Version: 2.2.0i1
Aux tag creation or updating could result in the title being
set to None or even an empty string. This change prevents that
by setting a min length of 1 for this field.
ID: 15123
Title: Fix lost changes while editing dashboards
Component: Multisite
Level: 1
Class: Bug fix
Version: 2.2.0i1
If you edited a dashboard, e.g. moved a dashlet arround, sometimes these
dashlet was positioned as before after the next change in the dashboard.
This has been fixed.
ID: 14976
Title: Add SAML Authentication to Checkmk UI
Component: setup
Level: 1
Class: New feature
Version: 2.2.0i1
SAML authentication is now integrated with the Checkmk UI.
The initial feature set includes the following:
LI: Single sign-on (HTTP POST binding/front channel communication)
LI: Setup page to configure one or more SAML connections: Setup -> Users -> SAML Authentication
LI: Automatic user creation and user attribute synchronization at login time
LI: Signing of requests and signature verification of responses. Supported algorithms: SHA256, SHA384, SHA512
LI: Logging to $OMD_ROOT/var/log/web.log for administrative and debugging purposes
LI: Option to log in with username and password for non-SAML users (htpasswd/LDAP)
With this change, we also deprecate the previous SAML integration approach on Apache level based on mod_auth_mellon. Support will be dropped with Checkmk version 2.3.0. If you would still like to use this approach in version 2.3.0 and beyond, mod_auth_mellon will need to be installed.
ID: 14977
Title: SAML Apache configuration with mod_auth_mellon is deprecated
Component: setup
Level: 1
Class: New feature
Version: 2.2.0i1
The SAML integration approach on Apache level based on mod_auth_mellon is
deprecated. In all Enterprise Editions of Checkmk, SAML is now configurable via
the Setup (see werk #14976 for details).
mod_auth_mellon continues to be available in Checkmk version 2.2.0, but will be
removed with version 2.3.0. If you would like to use this SAML configuration
approach in version 2.3.0 and beyond, mod_auth_mellon will need to be
installed. However, please note that support will be fully dropped in version
2.3.0.
ID: 15092
Title: HW/SW Inventory: Remove declare_joined_inventory_table_view
Component: HW/SW Inventory
Level: 1
Class: New feature
Version: 2.2.0i1
With werk 10836 the {{declare_joined_inventory_table_view}} function was
introduced.
Due to the werks 15086, 15087 there is no need for this programatical approach
of joining inventory tables anymore.
ID: 15217
Title: custom_user_attributes: after deleting, all user config will be updated
Component: REST API
Level: 1
Class: Bug fix
Version: 2.2.0i1
This werk introduces a fix in the REST-API to avoid a race condition
when calling the user_config endpoint. After you delete any custom
attribute via the gui interface, all users config will be updated
to reflect the change.
ID: 14941
Title: Extend ps check
Component: Checks & agents
Level: 1
Class: New feature
Version: 2.2.0i1
With this werk, the process check is able to monitor memory levels for indivudual
processes either with a single datapoint resolution or by using a time-averaged
resolution.
ID: 15187
Title: Enforce password policy in REST API and user management
Component: Setup
Level: 1
Class: Bug fix
Version: 2.2.0i1
Prior to this Werk both the REST API and the user management UI (Setup > Users) did not correctly enforce the password policy for local accounts.
As a result, administrators with the "User management" permission could set passwords that don't comply with the policy for their own or other users' accounts.
Note that the "Change password" option in the user profile menu was not affected by the issue and correctly checked the password policy.