MISP / MISP

MISP (core software) - Open Source Threat Intelligence and Sharing Platform
https://www.misp-project.org/
GNU Affero General Public License v3.0

Support: API authentication not working with Active Directory authentication #9800

Open h00ked opened 4 months ago

h00ked commented 4 months ago

Support Questions

I have enabled Active Directory integration and now I'm trying to enable API access for some 3rd party applications. I have an issue when trying to authenticate with an Authkey, as I'm receiving ERROR 401 with the output below. AD login is working well.

When I try to disable AD integration, all works well.

[PROD] [root@hostname:~]#curl  --header "Authorization: lxzSZ***********V8" --header "Accept: application/json"  --header "Content-Type: application/json" https://misp.domain.tld/
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

Apache HTTPD conf file

LoadModule ssl_module modules/mod_ssl.so

<VirtualHost *:443>

    DocumentRoot /var/www/MISP/app/webroot
    ServerName misp.domain.tld
    SSLEngine on
    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
    <Directory /var/www/MISP/app/webroot>
        Options -Indexes
        AllowOverride all
        Order allow,deny
        allow from all
    </Directory>

    <Location "/">
        AuthType Basic
        AuthName "MISP Active Directory authentication via sAMAccountName"
        AuthBasicProvider ldap
        AuthLDAPUrl "ldaps://Addc.domain.corp/OU=uzivatele,DC=domain,DC=corp?sAMAccountName"
        AuthLDAPBindDN "CN=USER,OU=aplikacni,OU=uzivatele,DC=domain,DC=corp"
        AuthLDAPBindPassword "Passwoed"
        RequestHeader set X-Forwarded-User %{RU}e
        #AuthLDAPInitialBindAsUser on
        Require valid-user
    </Location>

    ErrorLog /var/log/httpd/misp.error.log
    CustomLog /var/log/httpd/misp.access.log combined
    SSLCertificateFile "/etc/httpd/ssl/misp.local.crt"
    SSLCertificateKeyFile "/etc/httpd/ssl/misp.local.key"

</VirtualHost>

.htaccess MISP file

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^(.*)$ index.php?/$1 "[QSA,L,B= ]"
    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
    # Adds AUTH support to Rest Plugin:
    RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last]
</IfModule>
<IfModule mod_headers.c>
   RequestHeader unset Proxy
</IfModule>

MISP version

2.4.192

Operating System

RedHat

Operating System version

8.6

PHP version

7.4.33


h00ked commented 4 months ago

So far solved by adding this to the Apache conf file. The If and Else configuration is working so far (tested with curl from the local server).

<If "-n %{HTTP:Authorization} && ! %{HTTP:Authorization} =~ /Basic/ ">
  AuthType Basic
  AuthName "Your LDAP user@domain authentication"
  ...
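
Why the authkey request in the question gets a 401 before MISP sees it, and how the expression in the follow-up comment partitions requests, as an added example (not code from this thread or from MISP). The gate is a simplified model of Basic authentication handling and is an assumption, not Apache's code; all header values are constructed.

```python
import base64
import binascii
import re

def basic_auth_gate(authorization):
    """Simplified model of `AuthType Basic` + `Require valid-user`.

    Returns ("reject", reason) for requests answered with 401 before any
    LDAP lookup, or ("ldap", username) when credentials reach the provider.
    """
    if not authorization:
        return ("reject", "no Authorization header")
    scheme, _, payload = authorization.partition(" ")
    if scheme.lower() != "basic":  # scheme names are case-insensitive
        return ("reject", "wrong authentication scheme")
    try:
        decoded = base64.b64decode(payload.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return ("reject", "undecodable Basic credentials")
    return ("ldap", decoded.partition(":")[0])

def if_condition(authorization):
    """-n %{HTTP:Authorization} && ! %{HTTP:Authorization} =~ /Basic/"""
    value = authorization or ""
    # =~ /Basic/ is an unanchored, case-sensitive regex search.
    return bool(value) and re.search(r"Basic", value) is None

def basic(user, password):
    """Build a Basic Authorization header value from constructed credentials."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"

# Constructed sample header values (not real keys or accounts).
SAMPLES = {
    "no header": None,
    "AD user via Basic": basic("alice", "constructed-password"),
    "MISP authkey": "CONSTRUCTEDauthkey0123456789abcdefghijklm",
    "lowercase scheme": "basic " + basic("alice", "x").split(" ")[1],
}

def evaluate(samples=SAMPLES):
    """Map each sample to (gate outcome, whether the <If> condition matches)."""
    return {name: (basic_auth_gate(h)[0], if_condition(h)) for name, h in samples.items()}

if __name__ == "__main__":
    for name, (gate, matched) in evaluate().items():
        print(f"{name:20} gate={gate:6} if_condition={matched}")
```

The "lowercase scheme" row is the edge case: the model's gate accepts `basic` as a Basic scheme, while the case-sensitive, unanchored `/Basic/` match in the expression does not.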