11. 01. 2021 Gianluca Piccolo Asset Management, NetEye, Unified Monitoring

Use NetEye 4.15 JWT Built-in Authentication to use Fusion Inventory and GLPI

Use Case

Suppose we want to trigger Fusion Inventory execution in a GLPI installation, where we can then use the Autonomous mode to import data into GLPI via a CURL request. Let’s see how JWT (JSON Web Token) can help us in NetEye 4.15.

Prerequisites

  1. A NetEye 4.15 (or later) installation with the Asset module enabled
  2. GLPI with Fusion Inventory (http://fusioninventory.org/)
  3. A working Fusion Inventory agent in the host that generates the inventory

Solution

Now we’re ready to start. Just follow these steps:

  1. Create a role in NetEye called glpi_fusion_inventory_role that has access only to GLPI so it can safely call the Fusion Inventory endpoint:
    1. Assign the user glpi_fusion_inventory to it
    2. In the assetmanagement section, enable the General module access flag
  2. Create a JWT Auth token for the user glpi_fusion_inventory 
    1. Retrieve your public key: cat /neteye/shared/icingaweb2/conf/modules/neteye/jwt-keys/neteye-jwt.pub
    2. Retrieve your private key: cat /root/security/jwt-private-key/neteye-jwt.key
    3. Go to https://jwt.io/#debugger-io to easily create a JWT Auth token:
      1. Select the RS512 hash algorithm
      2. Paste the private key in the right field
      3. Paste the following JSON* in the payload field: { "sub": "glpi_fusion_inventory", "exp": 2516239022 } 
      4. Copy the generated token to a file in a safe folder onto the host that runs the inventory: echo "TOKEN" > /safe-jwt-tokens-folder/glpi_fusion_inventory.jwt
      5. Remember to give the file that contains the JWT token only minimum permissions since this will allow someone to log in to NetEye as the glpi_fusion_inventory user
  3. Trigger agent execution: fusioninventory-inventory | curl -Ls --data @- https://httpd.neteyelocal/glpi/plugins/fusioninventory/ -H "Content-Type: Application/x-compress" -H "Authorization: Bearer $(cat /safe-jwt-tokens-folder/glpi_fusion_inventory.jwt)"

Important Note

Please remember that this is just an example of how to properly send data from Fusion Inventory to GLPI. If you’re going to use this approach often, take care to have an automatic process to refresh the JWT token periodically, and to always set a proper expiration time.

Gianluca Piccolo

Gianluca Piccolo

Full Stack Developer at Wuerth Phoenix. I love questioning myself, find new challenges to learn and new adventures to grow up. PHP lover trying to expand my skills studying new languages and tools to improve my professional life.

Author

Gianluca Piccolo

Full Stack Developer at Wuerth Phoenix. I love questioning myself, find new challenges to learn and new adventures to grow up. PHP lover trying to expand my skills studying new languages and tools to improve my professional life.

Latest posts by Gianluca Piccolo

15. 03. 2024 Bug Fixes, NetEye
Bug Fixes for NetEye 4.34
23. 02. 2024 Bug Fixes, NetEye
Bug Fixes for NetEye 4.34
19. 01. 2024 Bug Fixes, NetEye
Bug Fixes for NetEye 4.32
19. 01. 2024 Bug Fixes, NetEye
Bug Fixes for NetEye 4.33
20. 12. 2023 Development
How to Debug PHP xDebug XD
See All

Related Content

Tags: , , ,

04. 04. 2024 Bug Fixes

Important GLPI Agent 1.7.3 Security Advisory

Type/Severity Security Advisory: High Topic There is a security update for GLPI Agent Description This version specifically fixes 2 critical security issues related to MSI packaging on Windows: CVE-2024-28240: A local user could modify the GLPI Agent configuration to gain Read More
06. 12. 2023 Asset Management, Service Management

Würth Phoenix is a GLPI Gold Partner! Exclusive News from GLPI Partner Day

The popular open source software suite GLPI, an acronym for Gestionnaire Libre de Parc Informatique, has been part of the NetEye ecosystem since its beginnings, more than 15 years ago. GLPI includes a comprehensive, pre-configured IT Asset management database, an Read More
28. 06. 2023 Asset Management, NetEye, Unified Monitoring

GLPI Remote Inventory – Part 2 (Windows)

In GLPI Remote Inventory - Part 1 I described how to perform a remote inventory of Linux machines. Here in Part 2 I'll describe instead how to perform a remote inventory on Windows machines using the WinRM (Windows Remote Management) Read More
26. 06. 2023 Asset Management, NetEye, Unified Monitoring

GLPI Remote Inventory – Part 1 (Linux)

Since NetEye version 4.29, the GLPI module has been upgraded to version 10. With this update GLPI introduced a new feature, making it possible to perform agentless inventories. Given the wide interest regarding this new feature from many of our Read More
06. 06. 2023 NetEye, Service Management

SSSD for Active Directory Authentication

We all know that NetEye can grant access to its Web Interface through local users, or through the use of LDAP queries that can filter and grant GUI access to users or groups of a given Active Directory domain. What Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive