After upgrading Wazuh from version 4.7 to version 4.8 using the "Keeping custom docker-compose files" method, we have integrated MS-Graph for the first time. Since the integration, we are encountering repeated authentication failures. The errors indicate that the JWT token used for authentication is not well-formed.
Logs
The following warnings are repeatedly logged:
2024/06/20 10:47:57 wazuh-modulesd:ms-graph: WARNING: Received unsuccessful status code when attempting to get relationship 'alerts_v2' logs: Status code was '401' & response was '{"error":{"code":"InvalidAuthenticationToken","message":"IDX14100: JWT is not well formed, there are no dots (.).\nThe token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.","innerError":{"date":"2024-06-20T10:47:57","request-id":"1bcf901f-9b6c-42e8-9b82-eb7201a52405","client-request-id":"1bcf901f-9b6c-42e8-9b82-eb7201a52405"}}}'
2024/06/20 10:47:58 wazuh-modulesd:ms-graph: WARNING: Received unsuccessful status code when attempting to get relationship 'incidents' logs: Status code was '401' & response was '{"error":{"code":"InvalidAuthenticationToken","message":"IDX14100: JWT is not well formed, there are no dots (.).\nThe token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.","innerError":{"date":"2024-06-20T10:47:58","request-id":"776545c5-3d17-421a-8cb7-af94e1e6efd7","client-request-id":"776545c5-3d17-421a-8cb7-af94e1e6efd7"}}}'
2024/06/20 10:48:00 wazuh-modulesd:ms-graph: WARNING: Received unsuccessful status code when attempting to get relationship 'secureScores' logs: Status code was '401' & response was '{"error":{"code":"InvalidAuthenticationToken","message":"IDX14100: JWT is not well formed, there are no dots (.).\nThe token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.","innerError":{"date":"2024-06-20T10:48:00","request-id":"0abb2f7b-74b0-4aed-a14b-3aa118857c26","client-request-id":"0abb2f7b-74b0-4aed-a14b-3aa118857c26"}}}'
2024/06/20 10:48:02 wazuh-modulesd:ms-graph: WARNING: Received unsuccessful status code when attempting to get relationship 'signIns' logs: Status code was '401' & response was '{"error":{"code":"InvalidAuthenticationToken","message":"IDX14100: JWT is not well formed, there are no dots (.).\nThe token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.","innerError":{"date":"2024-06-20T10:48:02","request-id":"df3f70db-8413-4149-be22-053f55238eb1","client-request-id":"df3f70db-8413-4149-be22-053f55238eb1"}}}'
The JWT tokens should be correctly formatted and authenticated, allowing for successful API calls.
Actual Behavior
The JWT tokens are reported as not well-formed, leading to authentication failures with status code 401.
Additional Information
The integration with MS-Graph was implemented after the upgrade to version 4.8, so it's unclear if this issue would have existed in version 4.7.
Suggested Solutions
Verify the JWT token generation process within the MS-Graph integration.
Check for any configuration issues that might lead to the improper formation of JWT tokens.
Review any changes or requirements in the MS-Graph authentication process that might have been introduced in Wazuh v4.8.
Request for Assistance
Please provide guidance on how to resolve the JWT token formatting issue with the MS-Graph integration post-upgrade. If additional logs or information are required, I will be happy to provide them.
Issue Description
Summary
After upgrading Wazuh from version 4.7 to version 4.8 using the "Keeping custom docker-compose files" method, we have integrated MS-Graph for the first time. Since the integration, we are encountering repeated authentication failures. The errors indicate that the JWT token used for authentication is not well-formed.
Logs
The following warnings are repeatedly logged:
Environment Details
Steps to Reproduce
Expected Behavior
The JWT tokens should be correctly formatted and authenticated, allowing for successful API calls.
Actual Behavior
The JWT tokens are reported as not well-formed, leading to authentication failures with status code 401.
Additional Information
The integration with MS-Graph was implemented after the upgrade to version 4.8, so it's unclear if this issue would have existed in version 4.7.
Suggested Solutions
Request for Assistance
Please provide guidance on how to resolve the JWT token formatting issue with the MS-Graph integration post-upgrade. If additional logs or information are required, I will be happy to provide them.
Thank you!