ID: 14976
Title: Add SAML Authentication to Checkmk UI
Component: setup
Level: 1
Class: New feature
Version: 2.2.0i1
SAML authentication is now integrated with the Checkmk UI.
The initial feature set includes the following:
LI: Single sign-on (HTTP POST binding/front channel communication)
LI: Setup page to configure one or more SAML connections: Setup -> Users -> SAML Authentication
LI: Automatic user creation and user attribute synchronization at login time
LI: Signing of requests and signature verification of responses. Supported algorithms: SHA256, SHA384, SHA512
LI: Logging to $OMD_ROOT/var/log/web.log for administrative and debugging purposes
LI: Option to log in with username and password for non-SAML users (htpasswd/LDAP)
With this change, we also deprecate the previous SAML integration approach on Apache level based on mod_auth_mellon. Support will be dropped with Checkmk version 2.3.0. If you would still like to use this approach in version 2.3.0 and beyond, mod_auth_mellon will need to be installed.
ID: 14977
Title: SAML Apache configuration with mod_auth_mellon is deprecated
Component: setup
Level: 1
Class: New feature
Version: 2.2.0i1
The SAML integration approach on Apache level based on mod_auth_mellon is
deprecated. In all Enterprise Editions of Checkmk, SAML is now configurable via
the Setup (see werk #14976 for details).
mod_auth_mellon continues to be available in Checkmk version 2.2.0, but will be
removed with version 2.3.0. If you would like to use this SAML configuration
approach in version 2.3.0 and beyond, mod_auth_mellon will need to be
installed. However, please note that support will be fully dropped in version
2.3.0.
ID: 15092
Title: HW/SW Inventory: Remove declare_joined_inventory_table_view
Component: HW/SW Inventory
Level: 1
Class: New feature
Version: 2.2.0i1
With werk 10836 the {{declare_joined_inventory_table_view}} function was
introduced.
Due to the werks 15086, 15087 there is no need for this programatical approach
of joining inventory tables anymore.
ID: 15217
Title: custom_user_attributes: after deleting, all user config will be updated
Component: REST API
Level: 1
Class: Bug fix
Version: 2.2.0i1
This werk introduces a fix in the REST-API to avoid a race condition
when calling the user_config endpoint. After you delete any custom
attribute via the gui interface, all users config will be updated
to reflect the change.
ID: 14941
Title: Extend ps check
Component: Checks & agents
Level: 1
Class: New feature
Version: 2.2.0i1
With this werk, the process check is able to monitor memory levels for indivudual
processes either with a single datapoint resolution or by using a time-averaged
resolution.
ID: 15187
Title: Enforce password policy in REST API and user management
Component: Setup
Level: 1
Class: Bug fix
Version: 2.2.0i1
Prior to this Werk both the REST API and the user management UI (Setup > Users) did not correctly enforce the password policy for local accounts.
As a result, administrators with the "User management" permission could set passwords that don't comply with the policy for their own or other users' accounts.
Note that the "Change password" option in the user profile menu was not affected by the issue and correctly checked the password policy.
ID: 15252
Title: Fixed "processing of perfdata" condition
Component: Core & setup
Level: 1
Class: Bug fix
Version: 2.2.0i1
The logic for the processing of performance data was broken: It should only
be done when the global switch is activated <em>and</em> the processing is
enabled for the host/service in question. The condition was incorrectly
using an "or" for this, this has been fixed.
ID: 14581
Title: AWS: Allow configurable piggyback names
Component: Checks & agents
Level: 1
Class: New feature
Version: 2.2.0i1
When creating a piggyback host for an EC2 instance, <tt>agent_aws</tt> uses the format
C+:
{Private IPv4 address}-{region}-{Instance ID}
C-:
This format guarantees that the piggback name is always unique, even when instances are restarted
and could potentially switch their IP address. However, in practice this problem can be neglected
and only using the Private IP DNS name as a piggyback name is safe. With this werk, the option
<tt>Piggyback names</tt> in the rule <tt>Amazon Web Services (AWS)</tt> allows you to configure how
piggyback hosts are named.
Note, that if a host changes it's name, then all historical data is lost.
ID: 15019
Title: Fix proxmox agent crash with shutdown nodes
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
The proxmox agent would fail with a KeyError when a proxmox VE node was shutdown.
The error occured because a we do not get information for the timezone of shutdown
nodes. The timezone information is used to convert timestamps for backups to utc.
When no timezone information is found for a node we use the timezone of the first
node we process.
ID: 14580
Title: DCD: Piggyback hosts are now updated and deleted again
Component: Dynamic host configuration
Level: 2
Class: Bug fix
Version: 2.2.0i1
The rule <tt>Dynamic host management</tt> allows user to configure automatic creation, updating and
deleting of hosts. With werk 15206 (included in 2.1.0p20), the underlying mechanism, <tt>Dynamic
Configuration Daemon</tt> would no longer update and delete hosts.