Open ghost opened 2 years ago
Benni0
commented
2 years ago I had this issue a view times but I haven't had time to analyze the problem. For me the keys have been working, after restarting httpd inside the container using supervisorctl.
ghost
commented
2 years ago @Benni0
I tried with /usr/bin/supervisorctl restart httpd but it didnt work.
Then I tried to restart the container, that didn't work neither.
As I can understand from OpenID Connect Documentation Apache will not authenticate the API Key, but only check if Authorization is set in the header, and then forward the request to MISP. So shouldn't my deny logs originate from MISP and not Apache?
Benni0
commented
2 years ago In apaches misp.conf a rewrite map is defined which checks the key against cake: RewriteMap authkeys "prg:/var/www/MISP/app/Console/cake user authkey_valid" apache:apache
If you execute the cake command inside the container you should get '1' as result when you insert your API key. As I remember this worked when I had this problem.
ghost
commented
2 years ago I can get it working with the users personal access key, but the ones manual created in /auth_keys/index doesn't work.
ondj
commented
2 years ago @gso-trifork-security Advanced auth keys are disabled by default. If you want to use them, you have to set SECURITY_ADVANCED_AUTHKEYS to yes. See https://github.com/NUKIB/misp#security
dygland
commented
6 months ago I know this is almost two years old but I'm seeing the same behaviour with an user we're using for monitoring purposes, suddenly the user gets a 403 and our checks fail. One remediation seems to be to log in as the user, upon login the checks are successful. Havent been able to find anything that suggests the underlying reasons for this behavior.
When I try to access MISP over API, with OICD configured I get 403.
Apache logs this:
My request header:
Do you have any idea what could course this?