11. 01. 2021 Gianluca Piccolo Asset Management, NetEye, Unified Monitoring

Use NetEye 4.15 JWT Built-in Authentication to use Fusion Inventory and GLPI

Use Case

Suppose we want to trigger Fusion Inventory execution in a GLPI installation, where we can then use the Autonomous mode to import data into GLPI via a CURL request. Let’s see how JWT (JSON Web Token) can help us in NetEye 4.15.

Prerequisites

  1. A NetEye 4.15 (or later) installation with the Asset module enabled
  2. GLPI with Fusion Inventory (http://fusioninventory.org/)
  3. A working Fusion Inventory agent in the host that generates the inventory

Solution

Now we’re ready to start. Just follow these steps:

  1. Create a role in NetEye called glpi_fusion_inventory_role that has access only to GLPI so it can safely call the Fusion Inventory endpoint:
    1. Assign the user glpi_fusion_inventory to it
    2. In the assetmanagement section, enable the General module access flag
  2. Create a JWT Auth token for the user glpi_fusion_inventory 
    1. Retrieve your public key: cat /neteye/shared/icingaweb2/conf/modules/neteye/jwt-keys/neteye-jwt.pub
    2. Retrieve your private key: cat /root/security/jwt-private-key/neteye-jwt.key
    3. Go to https://jwt.io/#debugger-io to easily create a JWT Auth token:
      1. Select the RS512 hash algorithm
      2. Paste the private key in the right field
      3. Paste the following JSON* in the payload field: { "sub": "glpi_fusion_inventory", "exp": 2516239022 } 
      4. Copy the generated token to a file in a safe folder onto the host that runs the inventory: echo "TOKEN" > /safe-jwt-tokens-folder/glpi_fusion_inventory.jwt
      5. Remember to give the file that contains the JWT token only minimum permissions since this will allow someone to log in to NetEye as the glpi_fusion_inventory user
  3. Trigger agent execution: fusioninventory-inventory | curl -Ls --data @- https://httpd.neteyelocal/glpi/plugins/fusioninventory/ -H "Content-Type: Application/x-compress" -H "Authorization: Bearer $(cat /safe-jwt-tokens-folder/glpi_fusion_inventory.jwt)"

Important Note

Please remember that this is just an example of how to properly send data from Fusion Inventory to GLPI. If you’re going to use this approach often, take care to have an automatic process to refresh the JWT token periodically, and to always set a proper expiration time.

Gianluca Piccolo

Gianluca Piccolo

Full Stack Developer at Wuerth Phoenix. I love questioning myself, find new challenges to learn and new adventures to grow up. PHP lover trying to expand my skills studying new languages and tools to improve my professional life.

Author

Gianluca Piccolo

Full Stack Developer at Wuerth Phoenix. I love questioning myself, find new challenges to learn and new adventures to grow up. PHP lover trying to expand my skills studying new languages and tools to improve my professional life.

Latest posts by Gianluca Piccolo

16. 04. 2021 Asset Management, Bug Fixes, NetEye
Bug Fixes for NetEye 4.17
13. 04. 2021 Asset Management, Bug Fixes, NetEye
Bug Fixes for NetEye 4.17
02. 10. 2020 Bug Fixes, NetEye
Bug Fixes for NetEye 4.14
25. 09. 2020 Bug Fixes, NetEye
Bug Fixes for NetEye 4.13
18. 09. 2020 Bug Fixes, NetEye
Bug Fixes for NetEye 4.13
See All

Related Content

Tags: , , ,

11. 02. 2021 Asset Management

IPTool: A New GLPI Plug-in

One of my customers, who uses GLPI very extensively for asset management, recently brought me a new request wanting a central overview of their host and IP registration. These host names and IPs are currently being maintained across various applications Read More
30. 09. 2020 NetEye, Service Management

GLPI – SIM Card Data Migration from Plugin to Core

Beginning with GLPI version 0.83 a very useful plugin to record SIM card data was available. The plugin was created by Walid Nouh and then updated by Anthony Piesset and Thierry Bugier Pineau, and was very convenient for keeping track Read More
15. 07. 2020 Unified Monitoring

GLPI and Ticketing

At the beginning of the year, the OCS and GLPI asset management solutions were integrated into NetEye 4. And so we have been increasingly implementing projects in this environment. In fact recently I was once again able to activate and Read More
02. 07. 2019 Log-SIEM, NetEye

Proxy Authentication with Grafana 6.2

Until now, authentication of NetEye users on Grafana was achieved by means of session cookies, which were provided by the Grafana server when authenticating in Icinga Web 2. However, with the upgrade of Grafana from version 5.2 to version 6.2, Read More
29. 01. 2018 Log-SIEM, NetEye

From Software Inventory to Vulnerabilities!

Now that your company has invested time and resources in gathering information about your entire installed base of software and equipment, how can we analyze and measure its level of security protection?  Can we identify the vulnerabilities in your company’s Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal
net.support@wuerth-phoenix.com

Subscribe to Feed

Article     Comments
Insert your E-Mail address:

Archive