VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
Describe the bug
Creating a OpenID IDP in version 8.3.2 with correct configuration leads to 404 error when clicking to login with SSO in login page.
If you downgrade Vectr to 8.0.4, solves the problem and the SSO login works flawlessly.
If you upgrade back from 8.0.4 to 8.3.2, the SSO login now works in 8.3.2.
TLDR; there is something wrong when creating identity providers in 8.3.2 while downgrading it to 8.0.4 solves the problem, even retroactively.
Also, I was able to create identity providers in 8.0.4 and it does not gives me 404 errors and works as expected.
To Reproduce
Steps to reproduce the behavior:
Go to 'Administration' -> Access Management -> Identity Providers
Click on 'Add Provider' and click on OpenID
Insert configurations for a IDP
Logout and try to login using the OpenID IDP
Error 404
Downgrade Vectr-Tomcat container editing docker-compose.yml and setting the version to 8.0.4
Run docker-compose up -d to recreate vectr-tomcat with version 8.0.4
Try to login using the same SSO provider you registered while in version 8.3.2, it works now.
Edit docker-compose.yml again and switch vectr-tomcat to 8.3.2
Run docker-compose up -d to recreate vectr-tomcat in order to switch to version 8.3.2;
Now SSO login works in 8.3.2!
Expected behavior
Instead of error 404, it is expected to login using SSO to the vectr application.
Screenshots
404 Error when trying to login with version 8.3.2, before the downgrade.
Apache Tomcat error logs when the error 404 pops-up:
It seems that Vectr cant find the Identity provider ID, and returns 404. But somehow downgrading vectr version solves this issue.
Desktop (please complete the following information):
Describe the bug Creating a OpenID IDP in version 8.3.2 with correct configuration leads to 404 error when clicking to login with SSO in login page.
If you downgrade Vectr to 8.0.4, solves the problem and the SSO login works flawlessly.
If you upgrade back from 8.0.4 to 8.3.2, the SSO login now works in 8.3.2.
TLDR; there is something wrong when creating identity providers in 8.3.2 while downgrading it to 8.0.4 solves the problem, even retroactively. Also, I was able to create identity providers in 8.0.4 and it does not gives me 404 errors and works as expected.
To Reproduce Steps to reproduce the behavior:
docker-compose up -d
to recreate vectr-tomcat with version 8.0.4docker-compose up -d
to recreate vectr-tomcat in order to switch to version 8.3.2;Expected behavior Instead of error 404, it is expected to login using SSO to the vectr application.
Screenshots 404 Error when trying to login with version 8.3.2, before the downgrade.![Pasted image 20220518165359](https://user-images.githubusercontent.com/23364530/169087390-a84f469e-eb8e-4263-913a-94f6cbec1e34.png)
Apache Tomcat error logs when the error 404 pops-up:![Pasted image 20220518165636](https://user-images.githubusercontent.com/23364530/169087936-5c378bc6-8e01-4a85-9b51-c47bcc66c28d.png)
It seems that Vectr cant find the Identity provider ID, and returns 404. But somehow downgrading vectr version solves this issue.
Desktop (please complete the following information):