misp
OIDC An Internal Error Has Occurred
Hello,
I'm trying to use MISP with CAS OIDC. All seems OK, but I have this error:

2023-03-10 13:27:45 Error: [JakubOnderka\JsonException] Could not decode provided JSON
Request URL: /users/login
Stack Trace:
#0 /var/www/MISP/app/Vendor/jakub-onderka/openid-connect-php/src/OpenIDConnectClient.php(210): JakubOnderka\Json::decode()
#1 /var/www/MISP/app/Vendor/jakub-onderka/openid-connect-php/src/OpenIDConnectClient.php(2208): JakubOnderka\CurlResponse->json()
#2 /var/www/MISP/app/Vendor/jakub-onderka/openid-connect-php/src/OpenIDConnectClient.php(890): JakubOnderka\OpenIDConnectClient->endpointRequest()
#3 /var/www/MISP/app/Vendor/jakub-onderka/openid-connect-php/src/OpenIDConnectClient.php(555): JakubOnderka\OpenIDConnectClient->requestAuthorization()
#4 /var/www/MISP/app/Plugin/OidcAuth/Lib/Oidc.php(22): JakubOnderka\OpenIDConnectClient->authenticate()
#5 /var/www/MISP/app/Plugin/OidcAuth/Controller/Component/Auth/OidcAuthenticate.php(33): Oidc->authenticate()
#6 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Controller/Component/AuthComponent.php(772): OidcAuthenticate->authenticate()
#7 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Controller/Component/AuthComponent.php(612): AuthComponent->identify()
#8 /var/www/MISP/app/Controller/UsersController.php(1211): AuthComponent->login()
#9 [internal function]: UsersController->login()
#10 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Controller/Controller.php(499): ReflectionMethod->invokeArgs()
#11 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Routing/Dispatcher.php(193): Controller->invokeAction()
#12 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Routing/Dispatcher.php(167): Dispatcher->_invoke()
#13 /var/www/MISP/app/webroot/index.php(99): Dispatcher->dispatch()
#14 {main}
I tried all options, but I don't know why there is a problem. My conf: misp nginx for https oidc

The format is:

{
  "sub": "[email protected]",
  "service": "https://misptux.com/",
  "auth_time": 1678438129,
  "attributes": {
    "email": "[email protected]",
    "roles": "misp-access",
    "userId": "E4883"
  },
  "id": "[email protected]",
  "client_id": "sgp5Ngmy345Aq9grDtkywncgz7Hj9HhYhtKorLMSeQoiSXFw9vUMcxU2kSTjTfYk"
}

I don't understand what's wrong?
I believe the "roles" claim is assumed to be an array, so instead of "roles": "misp-access"
the Oidc plugin only accepts "roles": ["misp-access"]
(I have the same issue with using AWS Cognito which also only supports returning string types in custom claims, so I'm running with a patched plugin to work around this).
Also, it could be that the "roles" claim needs to be at the top level, i.e. not nested within the attributes block.
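
The two conditions suggested in the reply above (a "roles" claim that is a string rather than an array, and one nested under "attributes" rather than at the top level) can be checked against an IdP response before touching the plugin. This is an added diagnostic example, not code from the thread or from MISP's OidcAuth plugin; the function name and the sample payload are constructed, with the claim and key names taken from the payload posted in the question.

```python
import json

# Constructed sample modelled on the payload posted in the thread
# (addresses and client_id replaced with placeholders).
SAMPLE_USERINFO = """{
  "sub": "user@example.org",
  "auth_time": 1678438129,
  "attributes": {"email": "user@example.org", "roles": "misp-access", "userId": "E4883"},
  "client_id": "PLACEHOLDER"
}"""


def check_roles_claim(body, claim="roles", nested_under="attributes"):
    """Return (roles, findings): the roles as a list, plus every way the
    payload departs from a top-level JSON array claim."""
    findings = []
    try:
        claims = json.loads(body)
    except json.JSONDecodeError as exc:
        # An HTML error page or empty body from the IdP ends up here.
        return [], [f"body is not valid JSON: {exc.msg}"]
    if not isinstance(claims, dict):
        return [], ["body is JSON but not an object"]

    if claim in claims:
        value = claims[claim]
    elif isinstance(claims.get(nested_under), dict) and claim in claims[nested_under]:
        value = claims[nested_under][claim]
        findings.append(f"'{claim}' is nested under '{nested_under}', not top level")
    else:
        return [], [f"no '{claim}' claim found"]

    if isinstance(value, str):
        findings.append(f"'{claim}' is a string, not an array")
        roles = [value]  # assumption: a string claim carries exactly one role
    elif isinstance(value, list) and all(isinstance(r, str) for r in value):
        roles = value
    else:
        return [], [f"'{claim}' has unsupported type {type(value).__name__}"]
    return roles, findings


if __name__ == "__main__":
    roles, findings = check_roles_claim(SAMPLE_USERINFO)
    print("roles:", roles)
    for finding in findings:
        print("finding:", finding)
```
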