authentik icon indicating copy to clipboard operation
authentik copied to clipboard
verified publisher icon goauthentik

website/integrations: add Wazuh

Open maikroservice opened this issue 2 years ago β€’ 15 comments

Details

This pull request adds documentation for integrating wazuh and authentik via SAML with a detailed step-by-step guide. There is a new subfolder under the integrations folder explaining the process.

Checklist

  • [ ] Local tests pass (make test authentik/) -> coverage install fails (macbook pro m2 / MacOS 14.1.1)
  • [x] The code has been formatted (make lint-fix)

If an API change has been made

  • [ ] The API schema has been updated (make gen-build)

If changes to the frontend have been made

  • [ ] The code has been formatted (make web)
  • [ ] The translation files have been updated (make i18n-extract)

If applicable

  • [x] The documentation has been updated
  • [x] The documentation has been formatted (make website)

maikroservice avatar Nov 24 '23 20:11 maikroservice

Deploy Preview for authentik-storybook canceled.

Name Link
Latest commit 485d4cd59891aeca5b54bf5f1b81b8791e79ee83
Latest deploy log https://app.netlify.com/sites/authentik-storybook/deploys/65f480ae6167ae00081048bc

netlify[bot] avatar Nov 24 '23 20:11 netlify[bot]

Deploy Preview for authentik ready!

Name Link
Latest commit 523a7d46874cf81424b191c6048f5f5e08cfe0c0
Latest deploy log https://app.netlify.com/sites/authentik/deploys/65772345a86ddf0008c12e5c
Deploy Preview https://deploy-preview-7706--authentik.netlify.app
Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

Lighthouse		 1 paths audited
Performance: 97 (no change from production)
Accessibility: 90 (no change from production)
Best Practices: 100 (no change from production)
SEO: 80 (no change from production)
PWA: -
View the detailed breakdown and full score reports

To edit notification comments on pull requests, go to your Netlify site configuration.

netlify[bot] avatar Nov 24 '23 20:11 netlify[bot]

Hey, thank you for your contribution! I have yet to take a more thorough at this, but you are missing the sidebar entry for that documentation to render. You can add it in https://github.com/goauthentik/authentik/blob/main/website/sidebarsIntegrations.js, probably under the Infrastructure list (which is alphabetically sorted).

rissson avatar Dec 04 '23 17:12 rissson

Hello and thanks @maikroservice for the contribution! I think you recently blogged about this too, right? We are happy to have this now in our Integrations docs. And I see that @rissson helped out with the sidebar.js hint.

I'll do a quick copy-edit on it then after any needed changes, get it merged! Thanks again.

tanberry avatar Dec 04 '23 17:12 tanberry

Hello and thanks @maikroservice for the contribution! I think you recently blogged about this too, right? We are happy to have this now in our Integrations docs. And I see that @rissson helped out with the sidebar.js hint.

I'll do a quick copy-edit on it then after any needed changes, get it merged! Thanks again.

this should be fixed now - and I also edited the copy with the suggestions <3

Thank you for being awesome and kind!

maikroservice avatar Dec 10 '23 11:12 maikroservice

I'll try this out this week probably, and then merge if it works as expected

rissson avatar Dec 11 '23 01:12 rissson

Looks like you're missing a make website. If you do not have the tooling, I can run it for you and push it to this PR.

rissson avatar Dec 11 '23 07:12 rissson

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 92.33%. Comparing base (f62f720) to head (485d4cd). Report is 4009 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #7706      +/-   ##
==========================================
- Coverage   92.59%   92.33%   -0.27%     
==========================================
  Files         587      640      +53     
  Lines       28900    31547    +2647     
==========================================
+ Hits        26761    29128    +2367     
- Misses       2139     2419     +280
Flag Coverage Ξ”
e2e 50.48% <ΓΈ> (-0.46%) :arrow_down:
integration 26.08% <ΓΈ> (+0.07%) :arrow_up:
unit 89.68% <ΓΈ> (+0.08%) :arrow_up:

Flags with carried forward coverage won't be shown. Click here to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

:rocket: New features to boost your workflow:
  • :package: JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

codecov[bot] avatar Dec 11 '23 07:12 codecov[bot]

Looks like you're missing a make website. If you do not have the tooling, I can run it for you and push it to this PR.

if you could do that it would be much appreciated - I tried getting it to work on the M1 macbook and well let's just say this afternoon won't come back from the dead. 😡

maikroservice avatar Dec 11 '23 14:12 maikroservice

I'll try this out this week probably, and then merge if it works as expected

I still haven't gotten around to it. I didn't forget this though!

rissson avatar Dec 22 '23 10:12 rissson

I'm getting the following in the wazuh-indexer logs. Did you encounter such a thing as well?

[2024-01-24T09:01:50,936][ERROR][c.o.s.a.SamlResponse     ] [node-1] No Signature found. SAML Response rejected
[2024-01-24T09:01:50,936][WARN ][c.a.d.a.h.s.AuthTokenProcessorHandler] [node-1] Error while validating SAML response in /_opendistro/_security/api/authtoken

I found https://github.com/wazuh/wazuh/issues/18844, which was not useful as the proposed "fix" is already what I'm using.

rissson avatar Jan 24 '24 09:01 rissson

Hiya @maikroservice did you have a chance to look into @rissson 's last few comments? I'd love to get this merged when we can... thanks again for the contribution.

tanberry avatar Feb 23 '24 19:02 tanberry

Deploy Preview for authentik-docs ready!

Name Link
Latest commit 485d4cd59891aeca5b54bf5f1b81b8791e79ee83
Latest deploy log https://app.netlify.com/sites/authentik-docs/deploys/65f480ae92b52c0008fd9ee6
Deploy Preview https://deploy-preview-7706--authentik-docs.netlify.app
Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

netlify[bot] avatar Mar 15 '24 17:03 netlify[bot]

As of version 4.9 the instructions

copy/paste the exchange_key, you can get it from the metadata file (find the key between the <ds:X509Certificate></ds:X509Certificate> tags, it usually starts with MII...) - DO NOT FORGET TO PUT QUOTES AROUND THE CERTIFICATE

are incorrect they should something like in https://documentation.wazuh.com/current/upgrade-guide/troubleshooting.html#sso-issue-when-upgrading-from-wazuh-4-8-and-earlier

pwd-rh avatar Oct 14 '24 10:10 pwd-rh

In addition the "Name ID Property Mapping" has to be set to "authentik default SAML Mapping: Username" see screenshot Screenshot_2024-10-14_07-27-38

pwd-rh avatar Oct 14 '24 11:10 pwd-rh

I just tried it based on the Guide, and i got a few observations: Under Step 5 the following part should be clarified: "Next up change the /etc/wazuh-indexer/opensearch-security/config.yml and make sure it looks like the one below:" The Config pasted there is not valid. There is the meta missing and yaml seems not to be valid. I reformatted it so that wazuh is happy. config.txt

About the Exchange key: I tried using a exchange key i got from Authentik, but wazuh really likes to base64 encode it. And that fails. Still trying to figure out how to get around it, but a warning there or something like that would be useful i guess.

Under Step 9: The Role Mapping is actually under "Management"-> "Security". There is a nice GIF from Wazuh that shows it: https://documentation.wazuh.com/current/_images/role-mapping1.gif

bastrian avatar Jan 11 '25 01:01 bastrian