
Azure oauth2 sso

Open rleal124 opened this issue 4 years ago • 7 comments

Hi,

I am trying to configure Azure OAuth2 with SSO for Cortex authentication. I have created an Azure App registration.

Does anyone have the same issue?

```hocon
auth {
  provider = [local,oauth2]
  oauth2 {
    # URL of the authorization server
    clientId = "[DELETED]"
    clientSecret = "[DELETED]"
    redirectUri = "https://[DELETED]/api/ssoLogin"
    responseType = "code"
    grantType = "authorization_code"

    # URL from where to get the access token
    authorizationUrl = "https://login.microsoftonline.com/[DELETED]/oauth2/v2.0/authorize"
    tokenUrl = "https://login.microsoftonline.com/[DELETED]/oauth2/v2.0/token"

    # The endpoint from which to obtain user details using the OAuth token, after successful login
    userUrl = "https://graph.microsoft.com/oidc/userinfo"
    scope = ["openid email profile offline_access User.Read"]
  }
  sso {
    # Autocreate user in database?
    autocreate = false

    # Autoupdate its profile and roles?
    autoupdate = false

    # Autologin user using SSO?
    #autologin = false
    mapper = "simple"
    attributes {
      login = "email"
      name = "displayName"
      roles = "role"
    }
    defaultRoles = ["read"]
    defaultOrganization = "[DELETED]"
  }
}
```

And the log gives the following result:

```text
2021-01-26 19:26:14,812 [DEBUG] from org.elastic4play.services.auth.MultiAuthSrv in application-akka.actor.default-dispatcher-18 - oauth2 AuthenticationError OAuth2 authentication failure: User info fails:
2021-01-26 19:26:14,812 [INFO] from org.thp.cortex.services.ErrorHandler in application-akka.actor.default-dispatcher-18 - GET /api/ssoLogin?code=0.ARAAURdHXXWWjUKRe3D0T5YwsOVrmVDjzaRDou8AVJdKk8oQAAA.AQABAAIAAABeStGSRwwnTq2vHplZ9KL42b_uk5am4BfdP6yD3Fhr12eru5nFHHlPjPlO7g-5rk0yqx2YNTBjNaH_jfg6A2qan2Cr0oAsivarn-v1-fJFaC6HlswWNgI9OCT_816rY1oVqTmDvg-TCHKZfSLWilxGL2nMoYljSYe4z-09E5k5h7R_6WGpxFp_xVSoljseH9P9dIYOxZRTeGzeHoHLQ6yoweCJjEWXubTZOuBi9OhYg7CARw3op5XyUtjqgu8h-KrJV1lXR_1FFyV7eC3mYSZY4OGQQGMx-rmSzcZB6XZRrGRAI28UZ3ObmQc5cOecWJsBuyQQXYPv1NtYm7Z1USeK9OgAar9Q0pUuACuYcWxRBTvLmiBmvBnmi2X9t3FvQpex1yxuhbdGypLtolo4MXWQQzQ6pcCvjI7tyuz050n_XVu-dxvbQbPbq6mUAt_AfPxClnhxMmvaS0yt27Ln3Rdz6y5CggmTuebBeU-sicMCcXjmNpXnftNoCOdY-dpGSzIwqvNHVHFMS4xuOjXle0e4Xa3NB8dwU1QHvRuU3mE_6P3N1hIm2B3Bbi1CNn7gdlM0YXEBPXTDd6AD2K1KCsEI9ZiSqvIdyKPPl753BqJSoLf-DRk-C9Qw13oImktSyO4NZxLBPEPUE4ZoOr5jtaHXucKnfAIRcGthVah6sSOkTaneB52gilv8vpU0YlkQdB3c0jC4y_zDzn9cBjPc_w6DBJVmVY4JP6StY9bH5ropGoINegX6mM26_b4BNXqjaS4YgCdbwdJJ5P2U_IZ6fxKx_WV0TZc3f4xoOJ39yWzuZW-SQaXBqpbNlM5YmNRiWEQgAA&state=7764511b-0529-4839-8111-cda9871adead&session_state=6dfe1df0-4345-4a06-8fa1-0dbc4ef33387 returned 401
```

rleal124 avatar Jan 26 '21 19:01 rleal124

We managed to get past this error. The real issue is another one. We specify on Azure the roles to be returned, and the ID token has these roles. But cortex expects the userurl to return these roles. Any way to get cortex to fetch roles from the id_token from azure instead of oidc?

P1514 avatar Jan 27 '21 12:01 P1514

Code needed to fix this. Forked and added. Let me know if I should merge request it here

P1514 avatar May 05 '21 08:05 P1514

Hi! I know it's been a while since, but I'm running into kind of the same error. I'm also trying to get Cortex working with Azure SSO. Is your commit already merged in the master branch? Or maybe can I use your fork for fixing this?

```text
org.elastic4play.AuthenticationError: OAuth2 authentication failure: User info fails:
[info] o.t.c.s.ErrorHandler - GET /api/ssoLogin?code=0.AQIAbJu-ME8epUSmd23tKLIslmZxO2XEYVVBip51j6cgCuYCAM8.AQABAAIAAAD--DLA3VO7QrddgJg7WevrKOZPan-JF0IxGP0lUw3RoWDVmQiDTVI2GlM_Kl1qw0giAQBNAD2CS_mfC13U9zB1LHuxTARjgBooXEYGNoz3HYcxYVs7w60RFqHS9B125aDG5cZI2qN51kg67IyWTKS4TDE3hHoPNqQNvFGVxrk5s2HsCQoNUpJn_yRhrZxDwoBtM0Bb4JiKSpB3YBp0JvDNKBEZNkeJ9V69gil46tZ0TMxMmvtyCcK9cGSlANoiPj3RIN84Gc0ZgZqw7RFdzOF_yHt5JPoZK8FHTJkNsxRWWdi2cgD7reQygrUYwXfjQE9j46qMo7WL9E4laItx-8kkqFD5_CUw_7NIKqbwQw5xCNrMixHrTF7MMCb8qutKFKaU8_qBJQjmz--5B54vhESFS2-b2FWvFELs_UBuk5XtotvKcCNqcoH2JfMnQlGHnh0oJvCXp1kQfZ5Y3rhk2N-hR3dIgvfvjYn8fa0C5Lboci7NSOAcyyGBP9AI0MU332OynJjQnBG6jAv58cA29-Om4NORhFlhokAkRbAhBGraW_4WWrOhgT6CvRthBmdM_9bqN4Yih0oe0Hhxtq7HvKSKnhQXKWe4QjKLWSVXXIfi97m8uqcsJqrst0tUdtRR5p0rrk8cIY6zb4hB3B5eDLTTeBwbXadt8uqHTdQ_8xa2rjwBQlgSHhOqtspN6J9dISZSbL-H0_t6lNNs-3hXIikamRzRc5zJ6lGmo1GU7X4-7CT9BJJXaeOiXuW5Is3w1N7hZo8qhx7MTkk4dA7LaYQXOUNtSBa4qZa7oWYnJOVCtK-Cvqg0jmpmPDIoWi__1kogAA&state=c93179b6-0615-4c5b-813f-eb55e5a2152a&session_state=2d1cdb02-36cc-4bac-a07e-0891bbc1bdab returned 401
org.elastic4play.AuthenticationError: Authentication failure
```

2Wanderer avatar Aug 31 '21 06:08 2Wanderer

Hello! Having the same problem with AzureAD SAML/SSO logins here. Any updates on this one? Anybody have tips on how to get AzureAD logins to work in Cortex or is it currently not possible due to this "bug"?

@P1514 says "Code needed to fix this. Forked and added. Let me know if I should merge request it here"... Has this fork / code been merged? @P1514 what is the change you have made?

-kim

khalavak avatar Apr 27 '22 08:04 khalavak

Hello @khalavak, I haven't synced the fork in a while; better just check the change in app/org/thp/cortex/services/OAuth2Srv.scala and do it yourself. A merge into this repo was never done.

P1514 avatar Apr 27 '22 09:04 P1514

same issue here...

tbi88 avatar Oct 04 '22 20:10 tbi88

Hi, I had the same issues. Cortex needs the sso field, whereas TheHive does not care, though the Cortex SSO object in attributes needs to match actual fields in the userUrl call:

```hocon
sso {
    autocreate: false
    autoupdate: false
    mapper: "simple"
    attributes {
       login: "mail" # Instead of 'email' or 'login' which is need in the azure ad userUrl call. Email property needs to be populated
       name: "displayName" # Correct, roles has been removed as this needs to be setup seperately is not in the default call
    }
    defaultRoles: ["read", "analyze"]
    defaultOrganization: "[REDACTED]"
}
```

Above works for me on Entra ID/Azure AD

ch0wm3in avatar Jan 02 '24 10:01 ch0wm3in
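The two failure modes discussed in this thread (P1514's point that Azure places app roles in the id_token while the mapper only looks at the userUrl response, and ch0wm3in's point that every key in `attributes` must exist in that response) can be exercised offline. The following is an added Python example, not Cortex's own code: it implements a simplified stand-in for the "simple" mapper, decodes a constructed id_token to show where the `roles` claim lives, and applies the thread's two attribute maps to a constructed userUrl response. The response shape (Graph-style `mail` and `displayName`, no `email`, no `role`) and the token claims are assumptions built for the demo, not data captured from a tenant.

```python
import base64
import json

# Constructed fixtures (not captured from a real tenant): a userUrl response with
# Graph-style "mail"/"displayName" keys but no "email" and no roles, and the
# claims of an Azure id_token carrying an app-role assignment.
SAMPLE_USERINFO = {
    "sub": "SUBJECT_PLACEHOLDER",
    "displayName": "Jane Analyst",
    "mail": "jane.analyst@example.com",
    "userPrincipalName": "jane.analyst@example.com",
}
SAMPLE_ID_TOKEN_CLAIMS = {
    "iss": "https://login.microsoftonline.com/TENANT_ID_PLACEHOLDER/v2.0",
    "aud": "CLIENT_ID_PLACEHOLDER",
    "sub": "SUBJECT_PLACEHOLDER",
    "preferred_username": "jane.analyst@example.com",
    "roles": ["analyze"],
}


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_demo_id_token(claims: dict) -> str:
    """Build a JWT-shaped string with a placeholder signature (offline demo only)."""
    header = {"alg": "RS256", "typ": "JWT", "kid": "KID_PLACEHOLDER"}
    return ".".join([
        _b64url_encode(json.dumps(header).encode()),
        _b64url_encode(json.dumps(claims).encode()),
        _b64url_encode(b"SIGNATURE_PLACEHOLDER"),
    ])


def id_token_claims(id_token: str) -> dict:
    """Decode (not verify) the payload of an id_token.

    A real integration must verify signature, issuer, audience and expiry
    against the tenant's published keys before acting on any claim; this
    helper only shows where the roles live in the token.
    """
    _header, payload, _signature = id_token.split(".")
    return json.loads(_b64url_decode(payload))


def simple_mapper(userinfo: dict, attributes: dict, default_roles: list) -> dict:
    """Resolve login/name/roles from the userUrl JSON via an attribute map.

    Simplified stand-in (assumption, not Cortex's implementation): each
    configured attribute names a key in the userUrl response. A missing login
    key is a hard failure; a missing roles key falls back to defaultRoles.
    """
    login_key = attributes["login"]
    if login_key not in userinfo:
        raise KeyError(f"userUrl response has no {login_key!r} field (keys: {sorted(userinfo)})")
    name = userinfo.get(attributes.get("name", ""), "")
    roles_key = attributes.get("roles")
    roles = list(userinfo[roles_key]) if roles_key in userinfo else list(default_roles)
    return {"login": userinfo[login_key], "name": name, "roles": roles}


def resolve_profile(userinfo, id_token, attributes, default_roles, roles_from_id_token=False):
    """Map the user, optionally taking roles from the id_token claims instead.

    The second path is what the thread asks for: Azure puts app roles in the
    id_token "roles" claim, which a userUrl-only mapping never sees.
    """
    profile = simple_mapper(userinfo, attributes, default_roles)
    roles_key = attributes.get("roles")
    if roles_from_id_token and roles_key:
        claims = id_token_claims(id_token)
        if roles_key in claims:
            profile["roles"] = list(claims[roles_key])
    return profile


if __name__ == "__main__":
    token = make_demo_id_token(SAMPLE_ID_TOKEN_CLAIMS)
    # 1. The first poster's mapping: login = "email" has no matching key.
    try:
        simple_mapper(SAMPLE_USERINFO, {"login": "email", "name": "displayName", "roles": "role"}, ["read"])
    except KeyError as exc:
        print("mapping failed:", exc)
    # 2. The last poster's mapping: keys match, roles come from defaultRoles.
    print(resolve_profile(SAMPLE_USERINFO, token, {"login": "mail", "name": "displayName"}, ["read", "analyze"]))
    # 3. Roles read from the id_token claim instead of the userUrl response.
    print(resolve_profile(SAMPLE_USERINFO, token, {"login": "mail", "name": "displayName", "roles": "roles"},
                          ["read"], roles_from_id_token=True))
```

When diagnosing a 401 from `/api/ssoLogin`, fetching the userUrl once with the access token and comparing its keys against `attributes` is the quickest check; if roles are only present in the id_token, they must be taken from validated token claims, never from a decoded-but-unverified payload.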