Internal Web Service Check with redirected authentication

Note: As of the publication of this article, collector 25.000 is a GD (optional general release), which means this article will be obsolete as version goes forward.

In the past 2-3 months I had two cases whereby error occurred when an Internal Service Check of a website is authenticated with NTLM using ADFS. That error seemed odd with a message of: 

Quote

The website requires client-side authentication

or in the detailed response, it can be seen as:

<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>

regardless whether the credentials (username,password) set in the Service Check configuration are correct. 

Based on the design by Product & Development team, previous collector version (before 24.300), the error is "normal" due to the fact that the URL of the request origin is different from authentication URL, which in this case is ADFS URL and the collector does not pass the credentials to the authentication server which makes the process fails.

Fortunately with the arrival of version 25.000, this all has been changed so redirected authentication will be supported as explained in this document:

Quote

• Support for NTLM proxy authentication for Internal Service checks.

(see "General Deployment Collector - 25.0")

It is evident with my little test that you may also see in the screenvideo below:

• website to check: http://admin.lmglobalsupport.com (redirected to http://pk.lmsupportteam.com)
• ADFS authentication: https://fspk.lmsupporteam.info

 

 

The following is additional screenshots of the location in IIS (which I used for my test) to configure the HTTP redirection:

    

Here is just a preview about website authentication in a browser: