TheHive-Project / Cortex

Cortex: a Powerful Observable Analysis and Active Response Engine
https://strangebee.com/cortex/
GNU Affero General Public License v3.0

Azure oauth2 sso #331

Open rleal124 opened 3 years ago

rleal124 commented 3 years ago

Hi,

I am trying to configure Azure OAuth2 SSO for Cortex authentication. I have created an Azure app registration.

Does someone have the same issue?

```hocon
auth {
  provider = [local, oauth2]
  oauth2 {
    # URL of the authorization server
    clientId = "[DELETED]"
    clientSecret = "[DELETED]"
    redirectUri = "https://[DELETED]/api/ssoLogin"
    responseType = "code"
    grantType = "authorization_code"

    # URL from where to get the access token
    authorizationUrl = "https://login.microsoftonline.com/[DELETED]/oauth2/v2.0/authorize"
    tokenUrl = "https://login.microsoftonline.com/[DELETED]/oauth2/v2.0/token"

    # The endpoint from which to obtain user details using the OAuth token, after successful login
    userUrl = "https://graph.microsoft.com/oidc/userinfo"
    scope = ["openid email profile offline_access User.Read"]
  }
  sso {
    # Autocreate user in database?
    autocreate = false

    # Autoupdate its profile and roles?
    autoupdate = false

    # Autologin user using SSO?
    #autologin = false
    mapper = "simple"
    attributes {
      login = "email"
      name = "displayName"
      roles = "role"
    }
    defaultRoles = ["read"]
    defaultOrganization = "[DELETED]"
  }
}
```

And the log gives the following result:

```
2021-01-26 19:26:14,812 [DEBUG] from org.elastic4play.services.auth.MultiAuthSrv in application-akka.actor.default-dispatcher-18 - oauth2 AuthenticationError OAuth2 authentication failure: User info fails:
2021-01-26 19:26:14,812 [INFO] from org.thp.cortex.services.ErrorHandler in application-akka.actor.default-dispatcher-18 - GET /api/ssoLogin?code=0.ARAAURdHXXWWjUKRe3D0T5YwsOVrmVDjzaRDou8AVJdKk8oQAAA.AQABAAIAAABeStGSRwwnTq2vHplZ9KL42b_uk5am4BfdP6yD3Fhr12eru5nFHHlPjPlO7g-5rk0yqx2YNTBjNaH_jfg6A2qan2Cr0oAsivarn-v1-fJFaC6HlswWNgI9OCT_816rY1oVqTmDvg-TCHKZfSLWilxGL2nMoYljSYe4z-09E5k5h7R_6WGpxFp_xVSoljseH9P9dIYOxZRTeGzeHoHLQ6yoweCJjEWXubTZOuBi9OhYg7CARw3op5XyUtjqgu8h-KrJV1lXR_1FFyV7eC3mYSZY4OGQQGMx-rmSzcZB6XZRrGRAI28UZ3ObmQc5cOecWJsBuyQQXYPv1NtYm7Z1USeK9OgAar9Q0pUuACuYcWxRBTvLmiBmvBnmi2X9t3FvQpex1yxuhbdGypLtolo4MXWQQzQ6pcCvjI7tyuz050n_XVu-dxvbQbPbq6mUAt_AfPxClnhxMmvaS0yt27Ln3Rdz6y5CggmTuebBeU-sicMCcXjmNpXnftNoCOdY-dpGSzIwqvNHVHFMS4xuOjXle0e4Xa3NB8dwU1QHvRuU3mE_6P3N1hIm2B3Bbi1CNn7gdlM0YXEBPXTDd6AD2K1KCsEI9ZiSqvIdyKPPl753BqJSoLf-DRk-C9Qw13oImktSyO4NZxLBPEPUE4ZoOr5jtaHXucKnfAIRcGthVah6sSOkTaneB52gilv8vpU0YlkQdB3c0jC4y_zDzn9cBjPc_w6DBJVmVY4JP6StY9bH5ropGoINegX6mM26_b4BNXqjaS4YgCdbwdJJ5P2U_IZ6fxKx_WV0TZc3f4xoOJ39yWzuZW-SQaXBqpbNlM5YmNRiWEQgAA&state=7764511b-0529-4839-8111-cda9871adead&session_state=6dfe1df0-4345-4a06-8fa1-0dbc4ef33387 returned 401
```

P1514 commented 3 years ago

We managed to get past this error. The real issue is another one. We specify on Azure the roles to be returned, and the ID token has these roles. But Cortex expects the userUrl to return these roles. Any way to get Cortex to fetch roles from the id_token from Azure instead of OIDC?

P1514 commented 3 years ago

Code needed to fix this. Forked and added. Let me know if I should open a merge request for it here.

2Wanderer commented 3 years ago

Hi! I know it's been a while since, but I'm running into kind of the same error. I'm also trying to get Cortex working with Azure SSO. Is your commit already merged in the master branch? Or maybe can I use your fork for fixing this?

```
org.elastic4play.AuthenticationError: OAuth2 authentication failure: User info fails:
[info] o.t.c.s.ErrorHandler - GET /api/ssoLogin?code=0.AQIAbJu-ME8epUSmd23tKLIslmZxO2XEYVVBip51j6cgCuYCAM8.AQABAAIAAAD--DLA3VO7QrddgJg7WevrKOZPan-JF0IxGP0lUw3RoWDVmQiDTVI2GlM_Kl1qw0giAQBNAD2CS_mfC13U9zB1LHuxTARjgBooXEYGNoz3HYcxYVs7w60RFqHS9B125aDG5cZI2qN51kg67IyWTKS4TDE3hHoPNqQNvFGVxrk5s2HsCQoNUpJn_yRhrZxDwoBtM0Bb4JiKSpB3YBp0JvDNKBEZNkeJ9V69gil46tZ0TMxMmvtyCcK9cGSlANoiPj3RIN84Gc0ZgZqw7RFdzOF_yHt5JPoZK8FHTJkNsxRWWdi2cgD7reQygrUYwXfjQE9j46qMo7WL9E4laItx-8kkqFD5_CUw_7NIKqbwQw5xCNrMixHrTF7MMCb8qutKFKaU8_qBJQjmz--5B54vhESFS2-b2FWvFELs_UBuk5XtotvKcCNqcoH2JfMnQlGHnh0oJvCXp1kQfZ5Y3rhk2N-hR3dIgvfvjYn8fa0C5Lboci7NSOAcyyGBP9AI0MU332OynJjQnBG6jAv58cA29-Om4NORhFlhokAkRbAhBGraW_4WWrOhgT6CvRthBmdM_9bqN4Yih0oe0Hhxtq7HvKSKnhQXKWe4QjKLWSVXXIfi97m8uqcsJqrst0tUdtRR5p0rrk8cIY6zb4hB3B5eDLTTeBwbXadt8uqHTdQ_8xa2rjwBQlgSHhOqtspN6J9dISZSbL-H0_t6lNNs-3hXIikamRzRc5zJ6lGmo1GU7X4-7CT9BJJXaeOiXuW5Is3w1N7hZo8qhx7MTkk4dA7LaYQXOUNtSBa4qZa7oWYnJOVCtK-Cvqg0jmpmPDIoWi__1kogAA&state=c93179b6-0615-4c5b-813f-eb55e5a2152a&session_state=2d1cdb02-36cc-4bac-a07e-0891bbc1bdab returned 401
org.elastic4play.AuthenticationError: Authentication failure
```

khalavak commented 2 years ago

Hello! Having the same problem with Azure AD SAML/SSO logins here. Any updates on this one? Does anybody have tips on how to get Azure AD logins to work in Cortex, or is it currently not possible due to this "bug"?

@P1514 says "Code needed to fix this. Forked and added. Let me know if I should merge request it here"... Has this fork / code been merged? @P1514 what is the change you have made?

-kim

P1514 commented 2 years ago

Hello @khalavak, I haven't synced the fork in a while; better just check the change in app/org/thp/cortex/services/OAuth2Srv.scala and do it yourself. A merge into this repo was never done.

tbi88 commented 2 years ago

same issue here...

ch0wm3in commented 10 months ago

Hi, I had the same issues. Cortex needs the sso field, whereas TheHive does not care; however, the Cortex SSO `attributes` object needs to match the actual fields returned by the userUrl call.

```hocon
sso {
  autocreate: false
  autoupdate: false
  mapper: "simple"
  attributes {
    login: "mail" # Instead of 'email' or 'login', which is needed in the Azure AD userUrl call. The mail property needs to be populated
    name: "displayName" # Correct; roles has been removed, as this needs to be set up separately and is not in the default call
  }
  defaultRoles: ["read", "analyze"]
  defaultOrganization: "[REDACTED]"
}
```

The above works for me on Entra ID/Azure AD.
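The two points raised in this thread, that every key named under `sso.attributes` must literally exist in the JSON that `userUrl` returns (otherwise the login dies with "User info fails"), and that Azure app roles arrive in the `id_token` rather than in the userinfo document, can be checked offline before touching the Cortex config. The script below is an added example, not code from the Cortex project and not an exact copy of its `OAuth2Srv.scala` mapper; it approximates a "simple" mapper, reports which configured attributes a given userinfo document does not contain, and shows roles being read from the `id_token` claims. The `SAMPLE_USERINFO` document, the `SAMPLE_ID_TOKEN`, and all function names are constructed for this example.

```python
# Added example, not Cortex's own code. Approximates a "simple" SSO attribute
# mapper so a config can be checked against what the IdP actually returns,
# and shows roles being taken from the id_token instead of the userinfo endpoint.
import base64
import json


class MappingError(Exception):
    """Raised when the configured login attribute is missing from the IdP's JSON."""


# Constructed sample of an OIDC userinfo response. "email" and "name" are
# present; "mail", "displayName" and "role" are not, the mismatch seen in the thread.
SAMPLE_USERINFO = {
    "sub": "AAAAAAAAAAAAAAAAAAAAAExampleSub",
    "name": "Alice Example",
    "given_name": "Alice",
    "family_name": "Example",
    "email": "alice@example.org",
}


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_unsigned_jwt(claims: dict) -> str:
    """Build a JWT-shaped token with an empty signature, purely as test data.
    A real id_token must have its signature, issuer and audience verified."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


# Constructed sample id_token carrying app roles, which is where Azure puts
# roles configured on the app registration (they are not in userinfo).
SAMPLE_ID_TOKEN = make_unsigned_jwt({
    "iss": "https://login.microsoftonline.com/tenant-id/v2.0",
    "aud": "client-id",
    "preferred_username": "alice@example.org",
    "name": "Alice Example",
    "roles": ["read", "analyze"],
})


def id_token_claims_unverified(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying it. Useful only to see which
    claims the IdP sends while debugging a mapping; never authorize on this alone."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(_b64url_decode(parts[1]))


def missing_attributes(userinfo: dict, attributes: dict) -> list:
    """Return the configured attribute keys that the userinfo JSON does not contain."""
    return sorted(key for key in attributes.values() if key not in userinfo)


def simple_mapper(userinfo: dict, attributes: dict, default_roles: list) -> dict:
    """Resolve login, name and roles like a 'simple' mapper: each value under
    sso.attributes is looked up verbatim in the userinfo JSON. login is
    mandatory; name falls back to login; roles fall back to default_roles."""
    login_key = attributes["login"]
    if login_key not in userinfo:
        raise MappingError(
            f"login attribute {login_key!r} not returned by userUrl; "
            f"keys present: {sorted(userinfo)}"
        )
    login = userinfo[login_key]
    name = userinfo.get(attributes.get("name", ""), login)
    roles = userinfo.get(attributes.get("roles", ""))
    if isinstance(roles, str):
        roles = [roles]
    if not roles:
        roles = list(default_roles)
    return {"login": login, "name": name, "roles": roles}


def userinfo_with_id_token_roles(userinfo: dict, id_token: str, claim: str = "roles") -> dict:
    """Merge the id_token's roles claim into the userinfo document so the same
    mapper can pick it up under attributes.roles."""
    merged = dict(userinfo)
    claims = id_token_claims_unverified(id_token)
    if claim in claims:
        merged[claim] = claims[claim]
    return merged


if __name__ == "__main__":
    original = {"login": "email", "name": "displayName", "roles": "role"}
    print("missing from userinfo:", missing_attributes(SAMPLE_USERINFO, original))
    print(simple_mapper(SAMPLE_USERINFO, original, ["read"]))
    merged = userinfo_with_id_token_roles(SAMPLE_USERINFO, SAMPLE_ID_TOKEN)
    print(simple_mapper(merged, {"login": "email", "name": "name", "roles": "roles"}, ["read"]))
```

Run it against a real userinfo response (saved from a `curl -H "Authorization: Bearer ..." $userUrl` call) by replacing `SAMPLE_USERINFO`, and `missing_attributes` tells you which `sso.attributes` entries will fail before you restart Cortex. The id_token decoding deliberately skips signature verification because it is a debugging aid; anything that grants roles from those claims in production must validate the token first.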