TheHive-Project / Cortex

Cortex: a Powerful Observable Analysis and Active Response Engine
https://strangebee.com/cortex/
GNU Affero General Public License v3.0

Invalid URL error - Group Parsing #344

Open vatsaldesai93 opened 3 years ago

vatsaldesai93 commented 3 years ago

Request Type

Bug

Work Environment

| Question | Answer |
| --- | --- |
| OS version (server) | Ubuntu |
| OS version (client) | Ubuntu |
| Cortex version / git hash | 3.1.0 |
| Package Type | Binary |
| Browser type & version | N/A |

Problem Description

Invalid URL error when attempting to use Group Mapper for OAUTH. Cortex mandates the use of Groups URL as per https://github.com/TheHive-Project/Cortex/blob/619b28a3cd2b9a46bb553baf1b647b25405620df/app/org/thp/cortex/services/mappers/GroupUserMapper.scala while the same info can be fetched from User URL.

This seems to be the same error that was originally identified for TheHive by ananth07reddy in https://github.com/TheHive-Project/TheHive/issues/1010. It was consequently fixed in https://github.com/TheHive-Project/TheHive/pull/1112 but never in Cortex.

Steps to Reproduce

  1. Set up OIDC/OAUTH2 config for Cortex with SSO mapper set to group as per https://github.com/TheHive-Project/CortexDocs/blob/master/admin/admin-guide.md#oauth2openid-connect
  2. Don't provide the Groups URL, as group information needs to be fetched from User URL.
  3. Attempt to SSO login from the front end and observe logs for Invalid URL.

Possible Solutions

Maybe port the solution from TheHive https://github.com/TheHive-Project/TheHive/pull/1112 to Cortex.

Complementary information

[error] o.e.s.a.MultiAuthSrv - Authentication failure
org.elastic4play.AuthenticationError: OAuth2 authentication failure: Invalid URL 
    at org.thp.cortex.services.OAuth2Srv$$anonfun$$nestedInanonfun$authenticate$1$1.applyOrElse(OAuth2Srv.scala:96)
    at org.thp.cortex.services.OAuth2Srv$$anonfun$$nestedInanonfun$authenticate$1$1.applyOrElse(OAuth2Srv.scala:95)
    at scala.concurrent.Future.$anonfun$recoverWith$1(Future.scala:417)
    at scala.concurrent.impl.Promise.$anonfun$transformWith$1(Promise.scala:41)
    at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:64)
    at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:56)
    at akka.dispatch.BatchingExecutor$BlockableBatch.$anonfun$run$1(BatchingExecutor.scala:93)
    at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23)
    at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:85)
    at akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:93)

masdeeper commented 3 years ago

I have the same issue. When using OIDC by setting sso.groups.url to null, Cortex still tries to take the group from this URL. Cortex should take the users' groups from the first REST call and not try to fetch the sso.groups.url.

As stated in the official doc: URL to retrieve groups (leave empty if you are using OIDC)

We have the same issue in TheHive4.

ttronier commented 3 years ago

Same issue here as well running Cortex 3.1.0.
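The behaviour reported above and the expected behaviour described by masdeeper, as an added Python model (not Cortex's Scala code): the userinfo call succeeds first, the reported mapper then fetches the groups URL unconditionally and fails on an empty one, while the fixed mapper only fetches it when configured. The IdP URLs, the userinfo/groups documents, the config keys and the role names are constructed sample values.

```python
from urllib.parse import urlparse

# Constructed sample responses from a hypothetical identity provider.
USERINFO_URL = "https://idp.example.org/userinfo"
GROUPS_URL = "https://idp.example.org/groups"
FAKE_IDP = {
    USERINFO_URL: {"sub": "alice", "groups": ["soc-analysts", "cortex-admins"]},
    GROUPS_URL: {"groups": ["soc-analysts"]},
}

# Constructed OIDC config: no separate groups URL, group-to-role mappings, defaults.
OIDC_CONFIG = {
    "user_url": USERINFO_URL,
    "groups_url": None,
    "mappings": {"cortex-admins": ["superadmin"], "soc-analysts": ["read", "analyze"]},
    "default_roles": ["read"],
}


def fetch_json(url):
    """Stand-in for the HTTP client: rejects anything that is not an http(s) URL."""
    parsed = urlparse(url or "")
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        raise ValueError("Invalid URL")
    return FAKE_IDP[url]


def groups_before_fix(cfg, userinfo):
    """Reported behaviour: the groups URL is fetched unconditionally, so an
    empty sso.groups.url fails with 'Invalid URL' although userinfo has groups."""
    return fetch_json(cfg.get("groups_url"))["groups"]


def groups_after_fix(cfg, userinfo):
    """Expected behaviour: fetch the groups URL only when one is configured,
    otherwise read the groups attribute from the userinfo response."""
    url = cfg.get("groups_url")
    doc = fetch_json(url) if url else userinfo
    groups = doc.get(cfg.get("groups_attr", "groups"), [])
    return list(groups) if isinstance(groups, list) else [groups]


def map_roles(groups, mappings, default_roles):
    """Map IdP groups to roles; a user with no mapped group gets the defaults."""
    roles = {r for g in groups for r in mappings.get(g, [])}
    return sorted(roles) if roles else sorted(default_roles)


def login(cfg, resolver):
    """Full SSO mapping: the first REST call (userinfo) always succeeds."""
    userinfo = fetch_json(cfg["user_url"])
    return map_roles(resolver(cfg, userinfo), cfg["mappings"], cfg["default_roles"])


def login_error(cfg, resolver):
    """Return the error message a login attempt raises, or None on success."""
    try:
        login(cfg, resolver)
    except ValueError as exc:
        return str(exc)
    return None
```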