## Single Sign On (SSO) Authentication

Opsview Monitor can use LDAP and Active Directory for Single Sign On (SSO) functionality.

For information around configuration, testing, troubleshooting and more - see Section [LDAP / Active Directory](🔗)

## Theme/White Labelling

Opsview Monitor can be themed by updating a custom.css file. This file is retained across upgrades, so it will not be overwritten. However, if there are major changes to Opsview's web application, your settings may not work anymore.

The following items can be modified by the instructions below:

  • Login logo

  • Login button color

  • Login background color

  • Navigation color

  • Navigation menu logo

An example of a customised theme is here:

**Note**: You will need to be the root user to make changes to files or to add new images.

Update the file at `/opt/opsview/webapp/docroot/static/stylesheets/custom.css` with the contents above.

Your Login image should be placed into `/opt/opsview/webapp/docroot/static/images/` as `logo-login.png`. Use a width of 256 pixels by height 120. You can double the dimensions if you want a higher resolution image to be displayed. Ensure the permissions are owner root, group opsview, mode 644.

Your Navigation menu logo should replace `/opt/opsview/webapp/docroot/static/theme-opsview/resources/images/opsview/opsview-logo-default.png`. Use a width of 56 pixels by height 80 (or double both dimensions for higher resolution).

**Note**: This file will be overwritten on an upgrade and you will need to apply again.

### Examples

Using modified images and the above CSS file, we can have a system that looks like:

**Login page**


**Hashtags page**


**Hosts List Page**


## Managing Host Icons

Opsview Monitor ships with a number of host icons that can be used to help identity device types at a glance (if they are configured on the device on the Host edit page).

You can manage your own host icons by using the `/opt/opsview/coreutils/bin/hosticon_admin` script on the command line. The host icons themselves must be 40×40 and in PNG format. This script contains its own documentation which can be accessed using `hosticon_admin -h`.

### Adding a host icon

In order to add an icon to Opsview which you have uploaded, use the following command:


  • 'LOGO - hosticon' is the name of the icon to be displayed within the Host edit page dropdown menu

  • /path/to/hosticon.png is the path to the icon to be uploaded.

**Errors you may receive: **

Ensure imagemagick (dpkg) or ImageMagick (yum) is installed:

Ensure the command is run as the root user:

### Removing an icon

Host icons are removed from the configuration but they are not removed from the filesystem.

Obtain the exact name of the icon by running the following:

Then run the following:

## Re-Homing

It is possible to rehome the Opsview Web application on the master so that Opsview is served at a different location, rather than served at the root level - for example, instead of `https://server.example.com/`, it can be `https://server.example.com/myopsview`.


  • Expects to only be 1 level deep (eg: /services/myopsview is not supported)

  • Opsview reporting module is not possible to rehome and will be served under /jasperserver

As the `root` user, update the `/opt/opsview/deploy/etc/user_vars.yml` file and add or amend the following parameter:

Then run:

This will make the necessary adjustments to opsview-webserver and opsview-web-app.

### Double Proxying

When rehomed, you can use Opsview Monitor behind another frontend proxy. As such, when a user accesses the proxy in a browser, the sequence to access Opsview Monitor might be:

  1. External request reaches _opsview-external.example.com_; (your proxy server)

  2. _opsview-external.example.com_ proxies to _opsview-internal.example.com_ or an ip address. (your opsview webserver)

The changes required are:

  • Setup the proxy configuration for the frontend proxy

  • Enable the "Ignore IP in Authentication cookie" feature

You can use the following example configurations for Apache2 or for NGINX proxies (assuming SSL is used between the proxy and the opsview server). The full installation of the proxy server is not described here since it will be too specific to the infrastructure. The below configuration is required for Opsview to function through a proxy.

#### Apache2 Proxy

Place the Location configuration in your frontend proxy to forward to your Opsview Monitor server:

#### NGINX Proxy

Place the Location configuration in your frontend proxy to forward to your Opsview Monitor server:

### Ignore IP in Authentication Cookie

By default, authentication in Opsview Monitor will confirm if the IP address encoded in the request is the same as the browser IP. You need to disable this check if you have forward proxies that mask the browser IP. A symptom of this problem is that you will be able to login to the monitoring pages but access to Reports and Netaudit will return the login page and give the error message:

To ignore the IP checking, as the root user, add the following line into `/opt/opsview/deploy/etc/user_vars.yml` on the Opsview Monitor server:

Then run:

## Web Authentication Timeout

You can configure the amount of time that a web session can run before it expires. This is controlled by these two variables in user_vars.yml:

Then run as root:

Note: Any automatic refreshes, such as in Navigator or in Dashboard, will extend the timeout.