TheHive-Project / Cortex

Cortex: a Powerful Observable Analysis and Active Response Engine
https://thehive-project.org
GNU Affero General Public License v3.0

Oauth2 User info fails #422

Open liviusitoianu opened 1 year ago

liviusitoianu commented 1 year ago

Request Type

Bug Request

Work Environment

| Question | Answer |
| --- | --- |
| OS version (server) | Ubuntu |
| OS version (client) | Ubuntu 20.04 |
| Cortex version / git hash | 3.1.6-1 |
| Package Type | Binary |
| Browser type & version | Chrome |

Problem Description

Identity provider: Keycloak. After Keycloak login I receive this error:

2022-07-19 12:37:21,613 [ERROR] from org.elastic4play.services.auth.MultiAuthSrv in application-akka.actor.default-dispatcher-8 - Authentication failure
org.elastic4play.AuthenticationError: OAuth2 authentication failure: User info fails:
        at org.thp.cortex.services.OAuth2Srv$$anonfun$$nestedInanonfun$authenticate$1$1.applyOrElse(OAuth2Srv.scala:96)
        at org.thp.cortex.services.OAuth2Srv$$anonfun$$nestedInanonfun$authenticate$1$1.applyOrElse(OAuth2Srv.scala:95)
        at scala.concurrent.Future.$anonfun$recoverWith$1(Future.scala:417)
        at scala.concurrent.impl.Promise.$anonfun$transformWith$1(Promise.scala:41)
        at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:64)
        at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:63)
        at akka.dispatch.BatchingExecutor$BlockableBatch.$anonfun$run$1(BatchingExecutor.scala:100)
        at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23)
        at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:85)
        at akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:100)
        at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:49)
        at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(ForkJoinExecutorConfigurator.scala:48)
        at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:373)
        at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1182)
        at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1655)
        at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1622)
        at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:165)

Cortex application.conf:

auth {  # enclosing block implied by the unmatched closing brace at the end of the paste
    oauth2 {
        # OAuth2 client registered in Keycloak and the Cortex callback it redirects to
        clientId = "[DELETED]"
        clientSecret = "[DELETED]"
        redirectUri = "https://[DELETED]/api/ssoLogin"
        responseType = "code"
        grantType = "authorization_code"

        # URL of the authorization server
        authorizationUrl = "https://[DELETED]/protocol/openid-connect/auth"
        # URL from where to get the access token (as pasted: no "/" between the host and "protocol")
        tokenUrl = "https://[DELETED]protocol/openid-connect/token"

        # The endpoint from which to obtain user details using the OAuth token, after successful login
        userUrl = "https://[DELETED]/protocol/openid-connect/userinfo"
        scope: ["openid", "email"]
    }

    # Single-Sign On
    sso {
        # Autocreate user in database?
        autocreate = false

        # Autoupdate its profile and roles?
        autoupdate = false

        # Autologin user using SSO?
        # autologin = true

        # Name of mapping class from user resource to backend user ('simple' or 'group')
        mapper = simple
        # Names of the fields in the userinfo response that are mapped onto the Cortex user
        attributes {
            login = "user"
            name = "name"
            roles = "roles"
            organization = "org"
        }
        defaultRoles = ["read", "analyze"]
        defaultOrganization = "[DELETED]"
    }
}

Who can provide me a working config, both Cortex and Keycloak if possible? Can someone explain how SSO attributes work?
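An added diagnostic for the report above (not part of the issue thread or of the Cortex project): it parses the three oauth2 endpoint URLs exactly as pasted, with the redacted host replaced by the constructed placeholder `idp.example`, checks the scope, and compares the claim names in `auth.sso.attributes` against a constructed sample of a Keycloak userinfo response. The sample response, the placeholder host and the assumption that the simple mapper reads those claim names straight from the userinfo JSON are all assumptions.

```python
import json
from urllib.parse import urlparse

# oauth2 endpoints as pasted in the report, with the redacted host replaced by
# the constructed placeholder "idp.example" (the real host was [DELETED]).
OAUTH2 = {
    "authorizationUrl": "https://idp.example/protocol/openid-connect/auth",
    "tokenUrl": "https://idp.exampleprotocol/openid-connect/token",  # as pasted: no '/' after the host
    "userUrl": "https://idp.example/protocol/openid-connect/userinfo",
    "scope": ["openid", "email"],
}
# auth.sso.attributes from the report: Cortex attribute -> userinfo claim name.
SSO_ATTRIBUTES = {"login": "user", "name": "name", "roles": "roles", "organization": "org"}
# Constructed sample Keycloak userinfo response for scopes "openid email" with no custom mappers.
SAMPLE_USERINFO = json.dumps({
    "sub": "2f7c0a1e-0000-4000-8000-000000000000",
    "email_verified": True,
    "preferred_username": "alice",
    "email": "alice@example.org",
})

def check_urls(oauth2: dict) -> list:
    """Flag endpoint URLs that are not https, have no host, or whose path does not
    start with Keycloak's /protocol/openid-connect/ prefix. A missing '/' after
    the host shows up here: the first path segment is swallowed into the host."""
    findings = []
    for key in ("authorizationUrl", "tokenUrl", "userUrl"):
        u = urlparse(oauth2.get(key, ""))
        if u.scheme != "https" or not u.netloc:
            findings.append(f"{key}: not an https URL with a host")
        elif not u.path.startswith("/protocol/openid-connect/"):
            findings.append(f"{key}: path {u.path!r} (host parsed as {u.netloc!r})")
    if "openid" not in oauth2.get("scope", []):
        findings.append("scope: 'openid' missing (required for an OIDC userinfo request)")
    return findings

def check_claims(userinfo_json: str, attributes: dict) -> dict:
    """Compare userinfo claims with the claim names Cortex is configured to read."""
    try:
        claims = json.loads(userinfo_json)
    except json.JSONDecodeError as exc:
        return {"error": f"userinfo is not valid JSON: {exc}", "missing": sorted(attributes)}
    if not isinstance(claims, dict):
        return {"error": "userinfo is not a JSON object", "missing": sorted(attributes)}
    missing = sorted(a for a, c in attributes.items() if c not in claims)
    return {"missing": missing, "available": sorted(claims)}

if __name__ == "__main__":
    print("\n".join(check_urls(OAUTH2)) or "URLs look consistent")
    print(json.dumps(check_claims(SAMPLE_USERINFO, SSO_ATTRIBUTES), indent=2))
```

Run it against the real userinfo JSON (fetched with the access token from the tokenUrl exchange) to see which of the four mapped claims the IdP actually sends; every attribute listed under "missing" needs a Keycloak protocol mapper or a different claim name in the Cortex config.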