Invalid URL error - Group Parsing #344

vatsaldesai93 opened this issue Feb 17, 2021 · 2 comments

vatsaldesai93 commented Feb 17, 2021

Request Type

Bug

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | Ubuntu |
| OS version (client) | Ubuntu |
| Cortex version / git hash | 3.1.0 |
| Package Type | Binary |
| Browser type & version | N/A |

Problem Description

Invalid URL error when attempting to use Group Mapper for OAUTH.
Cortex mandates the use of Groups URL as per https://github.com/TheHive-Project/Cortex/blob/619b28a3cd2b9a46bb553baf1b647b25405620df/app/org/thp/cortex/services/mappers/GroupUserMapper.scala while the same info can be fetched from User URL

This seems to be the same error that was originally identified for TheHive by ananth07reddy in TheHive-Project/TheHive#1010
It was consequently fixed in TheHive-Project/TheHive#1112 but never in Cortex.

Steps to Reproduce

  1. Set up OIDC/OAUTH2 config for Cortex with SSO mapper set to group as per https://github.com/TheHive-Project/CortexDocs/blob/master/admin/admin-guide.md#oauth2openid-connect
  2. Don't provide the Groups URL as group information needs to be fetched from User URL.
  3. Attempt to SSO login from the front end and observe logs for Invalid URL

Possible Solutions

Maybe port the solution from TheHive (TheHive-Project/TheHive#1112) to Cortex.

Complementary information

[error] o.e.s.a.MultiAuthSrv - Authentication failure
org.elastic4play.AuthenticationError: OAuth2 authentication failure: Invalid URL 
	at org.thp.cortex.services.OAuth2Srv$$anonfun$$nestedInanonfun$authenticate$1$1.applyOrElse(OAuth2Srv.scala:96)
	at org.thp.cortex.services.OAuth2Srv$$anonfun$$nestedInanonfun$authenticate$1$1.applyOrElse(OAuth2Srv.scala:95)
	at scala.concurrent.Future.$anonfun$recoverWith$1(Future.scala:417)
	at scala.concurrent.impl.Promise.$anonfun$transformWith$1(Promise.scala:41)
	at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:64)
	at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:56)
	at akka.dispatch.BatchingExecutor$BlockableBatch.$anonfun$run$1(BatchingExecutor.scala:93)
	at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23)
	at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:85)
	at akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:93)

masdeeper commented Jul 20, 2021

I have the same issue. When using OIDC by setting sso.groups.url to null, Cortex still tries to take the group from this URL. Cortex should take the user's groups from the first REST call and not try to fetch the sso.groups.url.

As stated in the official doc: URL to retrieve groups (leave empty if you are using OIDC)

We have the same issue in TheHive4.

@ttronier

Same issue here as well running Cortex 3.1.0.

jiprocha added a commit to jiprocha/Cortex that referenced this issue Dec 1, 2022
…ctionality

This commit fixes issue TheHive-Project#344 by backporting fix from TheHive repository.
Original pull request from which the backport was taken can be found at
TheHive-Project/TheHive#1112.
To-om pushed a commit that referenced this issue Sep 20, 2023
…ctionality

This commit fixes issue #344 by backporting fix from TheHive repository.
Original pull request from which the backport was taken can be found at
TheHive-Project/TheHive#1112.
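
The behaviour requested in this thread (read the groups from the user URL response when `sso.groups.url` is empty, and only call a groups endpoint when one is configured), sketched as an added example. It is not Cortex code and not the fix from TheHive-Project/TheHive#1112; the function names, the `groups` attribute name, the https-only check and the sample data are assumptions of the example.

```python
from urllib.parse import urlsplit

# Constructed sample data (not taken from the issue).
SAMPLE_USERINFO = {"preferred_username": "alice", "groups": ["soc-analysts", "staff"]}
SAMPLE_MAPPINGS = {"soc-analysts": ["read", "analyze"], "soc-admins": ["orgadmin"]}


class GroupMappingError(Exception):
    """Group information could not be resolved; the login must be rejected."""


def resolve_groups(userinfo, groups_url=None, groups_attr="groups", fetch=None):
    """Return the group names for a user who has just authenticated.

    userinfo   -- JSON object already returned by the user URL
    groups_url -- optional separate endpoint; None or "" means "not configured"
    fetch      -- hypothetical callable(url) -> dict, used only when a URL is set
    """
    if groups_url is None or not groups_url.strip():
        source = userinfo  # OIDC case: no second request is made
    else:
        parts = urlsplit(groups_url)
        if parts.scheme != "https" or not parts.netloc:  # choice made in this sketch
            raise GroupMappingError("groups URL is set but is not an https URL")
        if fetch is None:
            raise GroupMappingError("groups URL is set but no HTTP client was given")
        source = fetch(groups_url)
    raw = source.get(groups_attr, [])
    if isinstance(raw, str):  # tolerate a single group sent as a plain string
        raw = [raw]
    if not isinstance(raw, list) or not all(isinstance(g, str) for g in raw):
        raise GroupMappingError("group attribute is not a list of strings")
    return raw


def roles_for(groups, mappings, default_roles=()):
    """Union of the roles mapped to each group; unmapped groups grant nothing."""
    roles = set()
    for group in groups:
        roles.update(mappings.get(group, ()))
    return sorted(roles) if roles else sorted(default_roles)


if __name__ == "__main__":
    groups = resolve_groups(SAMPLE_USERINFO, groups_url=None)
    print(groups, roles_for(groups, SAMPLE_MAPPINGS))
```

A literal string such as `"null"` in the URL setting is rejected by the URL check instead of being requested, and a user whose groups match no mapping ends up with only the configured default roles (none unless set).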