Closed tialocRT closed 8 months ago
I don't think it's possible for now. We start to introduce proxy for more stuff but I think we miss this one. Tagging it as a feature request.
Any progress on this? Would be nice to have.
Difficult to test so try the approach to use an agent with an option
const openIdClient = config.use_proxy ? getPlatformHttpProxyAgent(config.issuer) : undefined;
Awesome, thanks!
@richard-julien Thanks for fixing this, however there is a minor issue. Setting an HTTP proxy using an IP address like http://172.16.0.1:3128 works fine, but using a DNS record like http://proxy.domain.tld:3128 results in the following error.
{"category":"APP","errors":[{"attributes":{"genre":"BUSINESS","http_status":500,"provider":"oic"},"message":"Error initializing authentication provider","name":"UNSUPPORTED_ERROR","stack":"UNSUPPORTED_ERROR: Error initializing authentication provider\n at error (/opt/opencti/build/src/config/errors.js:8:10)\n at UnsupportedError (/opt/opencti/build/src/config/errors.js:89:51)\n at /opt/opencti/build/src/config/providers.js:386:24\n at processTicksAndRejections (node:internal/process/task_queues:95:5)"},{"message":"getaddrinfo ENOTFOUND proxy.redacted.tld","name":"Error","stack":"Error: getaddrinfo ENOTFOUND proxy.redacted.tld\n at GetAddrInfoReqWrap.onlookupall [as oncomplete] (node:dns:120:26)"}],"level":"error","message":"Error initializing authentication provider","source":"backend","timestamp":"2024-08-19T09:36:13.195Z","version":"6.2.12"}
It works for now, but we'd like to use the DNS record instead. Thanks.
The DNS resolution is not something that the platform is doing. Please check that your pod is able to resolve this DNS name.
Prerequisites
Description
Can't use the OpenID login with a proxy
I tried to set up the authentication with OpenID instead of LocalStrategy. My OpenCTI returns no errors in the logs, but I can see firewall deny logs for the IP of my OpenID provider and no logs on my proxy, so my OpenCTI is bypassing my proxy settings only for OpenID. I don't want to open this flow directly on the FW without passing through my proxy.
Proxy settings have been set with HTTP_PROXXY, HTTPS_PROXY and no_proxy for the OpenCTI core processes. My connectors can crawl data and their flows pass through the proxy.
Has anyone successfully set up the OpenID login with a proxy? Is it an already known issue?
Environment
Reproducible Steps
Using docker-compose file with this config:
I read on this node-openid issue (https://github.com/panva/node-openid-client/issues/22) that the proxy settings for panva-node-openid have to be set inside the code. I don't know if it is the case for OpenCTI; I can't find the related code inside my container to check it.
Thanks in advance
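An added illustration, not part of the original thread and not OpenCTI's code: a preflight check that reports whether a request to an OpenID issuer URL would be sent through the proxy named in the environment, honoring no_proxy. The function names (`envGet`, `isBypassed`, `selectProxyFor`) and the sample hosts are hypothetical and constructed for this example.

```javascript
// Added illustration; selectProxyFor and its helpers are hypothetical names.
// Decides which proxy (if any) an outbound request to `targetUrl` should use,
// following the common HTTP_PROXY / HTTPS_PROXY / NO_PROXY conventions.
function envGet(env, name) {
  // Proxy variables are conventionally accepted in either case.
  return env[name.toLowerCase()] || env[name.toUpperCase()] || '';
}

function isBypassed(hostname, port, noProxy) {
  const entries = noProxy.split(',').map((e) => e.trim().toLowerCase()).filter(Boolean);
  return entries.some((entry) => {
    if (entry === '*') return true;
    const [entryHost, entryPort] = entry.split(':');
    if (entryPort && entryPort !== port) return false;
    const suffix = entryHost.replace(/^\*?\./, '');
    // Match the exact host or any subdomain of the entry.
    return hostname === suffix || hostname.endsWith(`.${suffix}`);
  });
}

function selectProxyFor(targetUrl, env) {
  const target = new URL(targetUrl);
  const scheme = target.protocol.replace(':', '');
  const port = target.port || (scheme === 'https' ? '443' : '80');
  if (isBypassed(target.hostname.toLowerCase(), port, envGet(env, 'no_proxy'))) {
    return { proxied: false, reason: 'no_proxy match' };
  }
  const raw = envGet(env, `${scheme}_proxy`);
  if (!raw) return { proxied: false, reason: `${scheme}_proxy not set` };
  const proxy = new URL(raw); // throws on a malformed proxy URL
  const proxyPort = proxy.port || (proxy.protocol === 'https:' ? '443' : '80');
  // proxy.hostname must be resolvable from inside the container,
  // otherwise the connection fails with getaddrinfo ENOTFOUND as in the log above.
  return { proxied: true, proxyHost: proxy.hostname, proxyPort };
}

// Constructed sample environment and issuer URLs.
const sampleEnv = {
  HTTPS_PROXY: 'http://proxy.example.internal:3128',
  no_proxy: 'localhost,.svc.cluster.local',
};
console.log(selectProxyFor('https://idp.example.org/realms/demo', sampleEnv));
console.log(selectProxyFor('https://keycloak.svc.cluster.local/realms/demo', sampleEnv));
```

Running it against the real issuer URL and the container's environment shows whether a firewall deny for the provider's IP is expected (a no_proxy match or an unset variable) or points to the client ignoring the variables.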