I want to add the privacyIDEA 3.6.3 server to our monitoring system (Checkmk) but I’m quite confused on how to use the API endpoint (GET /monitoring) as it says “Authentifizierungsfehler. Fehlender Authentifizierungsheader.” in the response.
Do I have to create a stats_key first? Or is a dedicated user needed for authentication?
Do I have to create scheduled tasks for the simplestats and eventcounter modules?
Also, is there a proper way to check if the /ttype/push API endpoint is reachable other than just using a GET request and accepting the error message “ERR905: Missing parameter: 'serial” as OK?
Signature verification failed looks like curl verifying the SSL certificate presented by the site (PI). Have you tried using --no-check-certificate with the command?
I used curl with the -k switch which is the equivalent of wget --no-check-certificate as far as I know:
-k, --insecure
(SSL) This option explicitly allows curl to perform “insecure” SSL connections and transfers. All SSL connections are attempted to be made secure by using the CA certificate bundle installed by default. This makes all
connections considered “insecure” fail unless -k, --insecure is used.
This is the full response from the PrivacyIDEA server: {"detail": null, "id": 1, "jsonrpc": "2.0", "result": {"error": {"code": 4304, "message": "Authentication failure. Error during decoding your token: Signature verification failed"}, "status": false}, "time": 1651235017.0234008, "version": "privacyIDEA 3.6.3", "signature": "rsa_sha256_pss:[...]