Wazuh Keycloak SAML Integration
1,066 views
Skip to first unread message
HA
Jan 16, 2023, 10:00:43 AM1/16/23
to Wazuh mailing list
Hi all,
I tried to configure Wazuh to use SAML Authentication using Keycloak.
I followed:
It works fine until the step : Wazuh dashboard configuration
After systemctl restart wazuh-dashboard, I get the following error:
{"statusCode":500,"error":"Internal Server Error","message":"Internal Error"}
Where can I got the logs ??
Regards,
HA
Message has been deleted
Gustavo Choquevilca
Jan 16, 2023, 10:22:15 AM1/16/23
to Wazuh mailing list
Hello, thanks for taking an interest in Wazuh!
You can review the logs in the following paths:
/var/log/wazuh-indexer/
cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
Regards,
Gustavo.
You can review the logs in the following paths:
- wazuh dashboard
- journalctl -u wazuh-dashboard
- cat /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | grep -i -E "error|warn"
- Wazuh indexer
/var/log/wazuh-indexer/
cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
Regards,
Gustavo.
HA
Jan 16, 2023, 10:52:54 AM1/16/23
to Wazuh mailing list
Hi,
First, thanks for your help.
It seems the problem is at (journalctl -f -u wazuh-dashboard)
:
Jan 16 15:43:57 wazuh-server opensearch-dashboards[5601]: {"type":"error","@timestamp":"2023-01-16T15:43:57Z","tags":[],"pid":5601,"level":"error","error":{"message":"Internal Server Error","name":"Error","stack":"Error: Internal Server Error\n at HapiResponseAdapter.toError (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:145:19)\n at HapiResponseAdapter.toHapiResponse (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:99:19)\n at HapiResponseAdapter.handle (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:94:17)\n at Router.handle (/usr/share/wazuh-dashboard/src/core/server/http/router/router.js:164:34)\n at process._tickCallback (internal/process/next_tick.js:68:7)"},"url":{"protocol":null,"slashes":null,"auth":null,"host":null,"port":null,"hostname":null,"hash":null,"search":"?nextUrl=%2F","query":{"nextUrl":"/"},"pathname":"/auth/saml/login","path":"/auth/saml/login?nextUrl=%2F","href":"/auth/saml/login?nextUrl=%2F"},"message":"Internal Server Error"}
Any idea ??
Regards,
HA
Gustavo Choquevilca
Jan 16, 2023, 12:35:40 PM1/16/23
to Wazuh mailing list
Three situations may be occurring here:
- The error may be in the configuration of the identity provider (Keycloak), I recommend that you review the settings you have made.
- The problem may be in the configuration in the wazuh-indexer node in the config.yml, roles_mapping.yml, and opensearch_dashboards.yml files, can you share these files with me so I can analyze them?
- It may be because of this suggestion
HA
Jan 23, 2023, 3:23:31 AM1/23/23
to Wazuh mailing list
Hi all,
After checking my config, I found the path to id and sp XML files was wrong.
But still receive Internal Server Error....
journalctl -f -u wazuh-dashboard
Jan 23 08:22:12 wazuh-server opensearch-dashboards[21861]: {"type":"response","@timestamp":"2023-01-23T08:22:12Z","tags":[],"pid":21861,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"x-forwarded-for":"88.207.202.238","x-forwarded-proto":"https","x-forwarded-port":"443","host":"siem.simacpsf.cloud","x-amzn-trace-id":"Root=1-63ce43b4-0d055bd5592cb0a058a23e05","x-amzn-oidc-data":"eyJ0eXAiOiJKV1QiLCJraWQiOiI2NTg0OGMyZS1jNTViLTQ4NmMtODJjNi02Yzk4MjkwZGZhOTIiLCJhbGciOiJFUzI1NiIsImlzcyI6Imh0dHBzOi8vaWRwa2Muc2ltYWNwc2YuY2xvdWQvYXV0aC9yZWFsbXMvU0lNQUNQU0YiLCJjbGllbnQiOiJTSUVNIiwic2lnbmVyIjoiYXJuOmF3czplbGFzdGljbG9hZGJhbGFuY2luZzpldS1jZW50cmFsLTE6MDQ2OTY5NDA2MzY3OmxvYWRiYWxhbmNlci9hcHAvQzEtMUEtRUxCLVZQQy1GLVNBQVMvOTA1NDMzN2RkMzllYjY2ZCIsImV4cCI6MTY3NDQ2MjI1Mn0=.eyJzdWIiOiIxNDRkMTk5ZC0zNWEyLTQ3NmYtODNmNi01NGY3YTlmZTk4NjIiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsIm5hbWUiOiJIZWRpIEFiZGVsa2FmaSIsInByZWZlcnJlZF91c2VybmFtZSI6ImhlZGkuYWJkZWxrYWZpQHNpbWFjLmx1IiwiZ2l2ZW5fbmFtZSI6IkhlZGkiLCJmYW1pbHlfbmFtZSI6IkFiZGVsa2FmaSIsImVtYWlsIjoiaGVkaS5hYmRlbGthZmlAc2ltYWMubHUiLCJleHAiOjE2NzQ0NjIyNTIsImlzcyI6Imh0dHBzOi8vaWRwa2Muc2ltYWNwc2YuY2xvdWQvYXV0aC9yZWFsbXMvU0lNQUNQU0YifQ==.ug2Ttcs99ITFC4NcIMklxsGOh71Fs6vWPM5jO6MB-x_sj-1o4g8iqcWBdVkfnnxm6U4y6uRyasfWq1JB9pF-Og==","x-amzn-oidc-identity":"144d199d-35a2-476f-83f6-54f7a9fe9862","x-amzn-oidc-accesstoken":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI5cFNMR3MzalpkTEpTaUFGV25PMG5ZZm9uVlRPNlV6bFp2ZVM4c3dud2t3In0.eyJleHAiOjE2NzQ0NjU2NzEsImlhdCI6MTY3NDQ2MjA3MSwiYXV0aF90aW1lIjoxNjc0NDYyMDcxLCJqdGkiOiIxMmM2OWU4NC1iMmE0LTQzNjEtOWZiOS0xYmY2YTI3YzZkMGIiLCJpc3MiOiJodHRwczovL2lkcGtjLnNpbWFjcHNmLmNsb3VkL2F1dGgvcmVhbG1zL1NJTUFDUFNGIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6IjE0NGQxOTlkLTM1YTItNDc2Zi04M2Y2LTU0ZjdhOWZlOTg2MiIsInR5cCI6IkJlYXJlciIsImF6cCI6IlNJRU0iLCJzZXNzaW9uX3N0YXRlIjoiYThmZGNjMDYtZjIxNi00NTVhLWJjNTctNDEzMTA3MDYyZjM1IiwiYWNyIjoiMSIsInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJkZWZhdWx0LXJvbGVzLXNpbWFjcHNmIiwib2ZmbGluZV9hY2Nlc3MiLCJXQVpVSC1BRE1JTlMiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoib3BlbmlkIGVtYWlsIHByb2ZpbGUiLCJzaWQiOiJhOGZkY2MwNi1mMjE2LTQ1NWEtYmM1Ny00MTMxMDcwNjJmMzUiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsIm5hbWUiOiJIZWRpIEFiZGVsa2FmaSIsInByZWZlcnJlZF91c2VybmFtZSI6ImhlZGkuYWJkZWxrYWZpQHNpbWFjLmx1IiwiZ2l2ZW5fbmFtZSI6IkhlZGkiLCJmYW1pbHlfbmFtZSI6IkFiZGVsa2FmaSIsImVtYWlsIjoiaGVkaS5hYmRlbGthZmlAc2ltYWMubHUifQ.ibUtmuGZyQvwU6TQoF5nluxhX3zG8EOnn3y7wsnAaZ6ZQCHd_S2c0QofZ2NgQ0xZcb5Jv93mMizVj8BwvkPNHCpQMfcLOPRJV-Y8vTNJeuDqkiI-gju7Taf-pt_aqeqWX5HN8XSikEgvZUNPdaltrnYvU96j2x-UnfOarsbxX-ixUEJZ_LEwnp4WnRexqlf-RtcxIdNDUFlzzO27vQO-R-duDdndHFSUiTVEd23W52j7KwOGqqMjypqjhaTG496LVFy1eF8LXsAgr4FP8z266tCGOz3B6Huh0g6xV_q9_8lZPbc14Vq-VeRxMjUV-0UjI4YMWhYZfcejyueO6QS-Sg","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","upgrade-insecure-requests":"1","sec-fetch-dest":"document","sec-fetch-mode":"navigate","sec-fetch-site":"none","sec-fetch-user":"?1"},"remoteAddress":"100.64.4.156","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0"},"res":{"statusCode":302,"responseTime":5,"contentLength":9},"message":"GET / 302 5ms - 9.0B"}
Jan 23 08:22:12 wazuh-server opensearch-dashboards[21861]: {"type":"response","@timestamp":"2023-01-23T08:22:12Z","tags":[],"pid":21861,"method":"get","statusCode":302,"req":{"url":"/auth/saml/login?nextUrl=%2F","method":"get","headers":{"x-forwarded-for":"88.207.202.238","x-forwarded-proto":"https","x-forwarded-port":"443","host":"siem.simacpsf.cloud","x-amzn-trace-id":"Root=1-63ce43b4-77a1dc9d5b2eba7c55f49884","x-amzn-oidc-data":"eyJ0eXAiOiJKV1QiLCJraWQiOiI2NTg0OGMyZS1jNTViLTQ4NmMtODJjNi02Yzk4MjkwZGZhOTIiLCJhbGciOiJFUzI1NiIsImlzcyI6Imh0dHBzOi8vaWRwa2Muc2ltYWNwc2YuY2xvdWQvYXV0aC9yZWFsbXMvU0lNQUNQU0YiLCJjbGllbnQiOiJTSUVNIiwic2lnbmVyIjoiYXJuOmF3czplbGFzdGljbG9hZGJhbGFuY2luZzpldS1jZW50cmFsLTE6MDQ2OTY5NDA2MzY3OmxvYWRiYWxhbmNlci9hcHAvQzEtMUEtRUxCLVZQQy1GLVNBQVMvOTA1NDMzN2RkMzllYjY2ZCIsImV4cCI6MTY3NDQ2MjI1Mn0=.eyJzdWIiOiIxNDRkMTk5ZC0zNWEyLTQ3NmYtODNmNi01NGY3YTlmZTk4NjIiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsIm5hbWUiOiJIZWRpIEFiZGVsa2FmaSIsInByZWZlcnJlZF91c2VybmFtZSI6ImhlZGkuYWJkZWxrYWZpQHNpbWFjLmx1IiwiZ2l2ZW5fbmFtZSI6IkhlZGkiLCJmYW1pbHlfbmFtZSI6IkFiZGVsa2FmaSIsImVtYWlsIjoiaGVkaS5hYmRlbGthZmlAc2ltYWMubHUiLCJleHAiOjE2NzQ0NjIyNTIsImlzcyI6Imh0dHBzOi8vaWRwa2Muc2ltYWNwc2YuY2xvdWQvYXV0aC9yZWFsbXMvU0lNQUNQU0YifQ==.xVklO9OpLwkDuSMRkDlvNvJ-ztcvDhQB7gYDraO9erCFjyvjjpURq2dy3cK4IAn4pAQKbd7OS9m8V7O3lhxYDQ==","x-amzn-oidc-identity":"144d199d-35a2-476f-83f6-54f7a9fe9862","x-amzn-oidc-accesstoken":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI5cFNMR3MzalpkTEpTaUFGV25PMG5ZZm9uVlRPNlV6bFp2ZVM4c3dud2t3In0.eyJleHAiOjE2NzQ0NjU2NzEsImlhdCI6MTY3NDQ2MjA3MSwiYXV0aF90aW1lIjoxNjc0NDYyMDcxLCJqdGkiOiIxMmM2OWU4NC1iMmE0LTQzNjEtOWZiOS0xYmY2YTI3YzZkMGIiLCJpc3MiOiJodHRwczovL2lkcGtjLnNpbWFjcHNmLmNsb3VkL2F1dGgvcmVhbG1zL1NJTUFDUFNGIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6IjE0NGQxOTlkLTM1YTItNDc2Zi04M2Y2LTU0ZjdhOWZlOTg2MiIsInR5cCI6IkJlYXJlciIsImF6cCI6IlNJRU0iLCJzZXNzaW9uX3N0YXRlIjoiYThmZGNjMDYtZjIxNi00NTVhLWJjNTctNDEzMTA3MDYyZjM1IiwiYWNyIjoiMSIsInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJkZWZhdWx0LXJvbGVzLXNpbWFjcHNmIiwib2ZmbGluZV9hY2Nlc3MiLCJXQVpVSC1BRE1JTlMiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoib3BlbmlkIGVtYWlsIHByb2ZpbGUiLCJzaWQiOiJhOGZkY2MwNi1mMjE2LTQ1NWEtYmM1Ny00MTMxMDcwNjJmMzUiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsIm5hbWUiOiJIZWRpIEFiZGVsa2FmaSIsInByZWZlcnJlZF91c2VybmFtZSI6ImhlZGkuYWJkZWxrYWZpQHNpbWFjLmx1IiwiZ2l2ZW5fbmFtZSI6IkhlZGkiLCJmYW1pbHlfbmFtZSI6IkFiZGVsa2FmaSIsImVtYWlsIjoiaGVkaS5hYmRlbGthZmlAc2ltYWMubHUifQ.ibUtmuGZyQvwU6TQoF5nluxhX3zG8EOnn3y7wsnAaZ6ZQCHd_S2c0QofZ2NgQ0xZcb5Jv93mMizVj8BwvkPNHCpQMfcLOPRJV-Y8vTNJeuDqkiI-gju7Taf-pt_aqeqWX5HN8XSikEgvZUNPdaltrnYvU96j2x-UnfOarsbxX-ixUEJZ_LEwnp4WnRexqlf-RtcxIdNDUFlzzO27vQO-R-duDdndHFSUiTVEd23W52j7KwOGqqMjypqjhaTG496LVFy1eF8LXsAgr4FP8z266tCGOz3B6Huh0g6xV_q9_8lZPbc14Vq-VeRxMjUV-0UjI4YMWhYZfcejyueO6QS-Sg","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","upgrade-insecure-requests":"1","sec-fetch-dest":"document","sec-fetch-mode":"navigate","sec-fetch-site":"none","sec-fetch-user":"?1"},"remoteAddress":"100.64.4.156","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0"},"res":{"statusCode":302,"responseTime":6,"contentLength":9},"message":"GET /auth/saml/login?nextUrl=%2F 302 6ms - 9.0B"}
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: { Error: Authentication Exception
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: at respond (/usr/share/wazuh-dashboard/node_modules/elasticsearch/src/lib/transport.js:349:15)
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: at checkRespForFailure (/usr/share/wazuh-dashboard/node_modules/elasticsearch/src/lib/transport.js:306:7)
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: at HttpConnector.<anonymous> (/usr/share/wazuh-dashboard/node_modules/elasticsearch/src/lib/connectors/http.js:173:7)
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: at IncomingMessage.wrapper (/usr/share/wazuh-dashboard/node_modules/lodash/lodash.js:4991:19)
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: at IncomingMessage.emit (events.js:203:15)
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: at endReadableNT (_stream_readable.js:1145:12)
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: at process._tickCallback (internal/process/next_tick.js:63:19)
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: status: 401,
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: displayName: 'AuthenticationException',
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: message: 'Authentication Exception',
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: path: '/_plugins/_security/api/authtoken',
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: query: {},
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: body: undefined,
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: statusCode: 401,
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: response: '',
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: wwwAuthenticateDirective:
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: 'X-Security-IdP realm="OpenSearch Security" location="https://idpkc.simacpsf.cloud/auth/realms/SIMACPSF/protocol/saml?SAMLRequest=fZJrT8MgFIb%2FSsP3jl7UGbItqZuXJnNr7NRkXxZKz5TYQuWAun8vdhovifsGh%2FMe3ueFEfK26Vjm7KO6gWcHaIO3tlHI%2BoMxcUYxzVEiU7wFZFawMrues2QQsc5oq4VuyA%2FJYQVHBGOlViTIZ2OyXJzPl5f5YsMrDnyYpGEKVR0enURxWCX8JKxEfJwOIUqHRzEJ7sCg146JH%2BUHIDrIFVqurC9FXu1lSbqKTlmSsDhdk2DmeaTitlc9Wtsho1TW3ZMYoGy56HA7EI12NeU%2BAWqANy3SMr%2FOpkV5Qb8A6QcZCYrP7ZlUtVQPh1GrfROyq9WqCItluSJB9oU%2F1QpdC6YE8yIF3N7Mv%2B2hhPavu43uwI9DazTdIAhnpN31rigXSCajjyXrEzGT%2B2x9ezWiP0uj%2FTMvvMt8VuhGil1woU3L7f8Q8SDuK7IOt30rcwo7EHIrofYsTaNfpz4xC2NijQMS0Mn%2B1t%2F%2FafIO" requestId="ONELOGIN_abaea723-3ebd-4601-b2a6-bc1537e03741"',
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: toString: [Function],
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: toJSON: [Function],
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: isBoom: true,
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: isServer: false,
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: data: null,
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: output:
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: { statusCode: 401,
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: payload:
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: { statusCode: 401,
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: error: 'Unauthorized',
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: message: 'Authentication Exception' },
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: headers:
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: { 'WWW-Authenticate': 'Basic realm="Authorization Required"' } },
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: reformat: [Function],
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: [Symbol(OpenSearchError)]: 'OpenSearch/notAuthorized' }
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: {"type":"log","@timestamp":"2023-01-23T08:22:13Z","tags":["error","plugins","securityDashboards"],"pid":21861,"message":"SAML SP initiated authentication workflow failed: Error: failed to get token"}
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: {"type":"error","@timestamp":"2023-01-23T08:22:12Z","tags":[],"pid":21861,"level":"error","error":{"message":"Internal Server Error","name":"Error","stack":"Error: Internal Server Error\n at HapiResponseAdapter.toError (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:145:19)\n at HapiResponseAdapter.toHapiResponse (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:99:19)\n at HapiResponseAdapter.handle (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:94:17)\n at Router.handle (/usr/share/wazuh-dashboard/src/core/server/http/router/router.js:164:34)\n at process._tickCallback (internal/process/next_tick.js:68:7)"},"url":{"protocol":null,"slashes":null,"auth":null,"host":null,"port":null,"hostname":null,"hash":null,"search":null,"query":{},"pathname":"/_opendistro/_security/saml/acs","path":"/_opendistro/_security/saml/acs","href":"/_opendistro/_security/saml/acs"},"message":"Internal Server Error"}
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: {"type":"response","@timestamp":"2023-01-23T08:22:12Z","tags":[],"pid":21861,"method":"post","statusCode":500,"req":{"url":"/_opendistro/_security/saml/acs","method":"post","headers":{"x-forwarded-for":"88.207.202.238","x-forwarded-proto":"https","x-forwarded-port":"443","host":"siem.simacpsf.cloud","x-amzn-trace-id":"Root=1-63ce43b4-09b8315f3fec7a573f3d390c","x-amzn-oidc-data":"eyJ0eXAiOiJKV1QiLCJraWQiOiI2NTg0OGMyZS1jNTViLTQ4NmMtODJjNi02Yzk4MjkwZGZhOTIiLCJhbGciOiJFUzI1NiIsImlzcyI6Imh0dHBzOi8vaWRwa2Muc2ltYWNwc2YuY2xvdWQvYXV0aC9yZWFsbXMvU0lNQUNQU0YiLCJjbGllbnQiOiJTSUVNIiwic2lnbmVyIjoiYXJuOmF3czplbGFzdGljbG9hZGJhbGFuY2luZzpldS1jZW50cmFsLTE6MDQ2OTY5NDA2MzY3OmxvYWRiYWxhbmNlci9hcHAvQzEtMUEtRUxCLVZQQy1GLVNBQVMvOTA1NDMzN2RkMzllYjY2ZCIsImV4cCI6MTY3NDQ2MjI1Mn0=.eyJzdWIiOiIxNDRkMTk5ZC0zNWEyLTQ3NmYtODNmNi01NGY3YTlmZTk4NjIiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsIm5hbWUiOiJIZWRpIEFiZGVsa2FmaSIsInByZWZlcnJlZF91c2VybmFtZSI6ImhlZGkuYWJkZWxrYWZpQHNpbWFjLmx1IiwiZ2l2ZW5fbmFtZSI6IkhlZGkiLCJmYW1pbHlfbmFtZSI6IkFiZGVsa2FmaSIsImVtYWlsIjoiaGVkaS5hYmRlbGthZmlAc2ltYWMubHUiLCJleHAiOjE2NzQ0NjIyNTIsImlzcyI6Imh0dHBzOi8vaWRwa2Muc2ltYWNwc2YuY2xvdWQvYXV0aC9yZWFsbXMvU0lNQUNQU0YifQ==.y6_7zJwGYL0Wd8BURQB8g3z1xE7sUmMof0YSKhyvz-ujGMVo7H-kXR22ZvuCLzphQ60s9Ge30SSxM-TOjgDW0w==","x-amzn-oidc-identity":"144d199d-35a2-476f-83f6-54f7a9fe9862","x-amzn-oidc-accesstoken":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI5cFNMR3MzalpkTEpTaUFGV25PMG5ZZm9uVlRPNlV6bFp2ZVM4c3dud2t3In0.eyJleHAiOjE2NzQ0NjU2NzEsImlhdCI6MTY3NDQ2MjA3MSwiYXV0aF90aW1lIjoxNjc0NDYyMDcxLCJqdGkiOiIxMmM2OWU4NC1iMmE0LTQzNjEtOWZiOS0xYmY2YTI3YzZkMGIiLCJpc3MiOiJodHRwczovL2lkcGtjLnNpbWFjcHNmLmNsb3VkL2F1dGgvcmVhbG1zL1NJTUFDUFNGIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6IjE0NGQxOTlkLTM1YTItNDc2Zi04M2Y2LTU0ZjdhOWZlOTg2MiIsInR5cCI6IkJlYXJlciIsImF6cCI6IlNJRU0iLCJzZXNzaW9uX3N0YXRlIjoiYThmZGNjMDYtZjIxNi00NTVhLWJjNTctNDEzMTA3MDYyZjM1IiwiYWNyIjoiMSIsInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJkZWZhdWx0LXJvbGVzLXNpbWFjcHNmIiwib2ZmbGluZV9hY2Nlc3MiLCJXQVpVSC1BRE1JTlMiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoib3BlbmlkIGVtYWlsIHByb2ZpbGUiLCJzaWQiOiJhOGZkY2MwNi1mMjE2LTQ1NWEtYmM1Ny00MTMxMDcwNjJmMzUiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsIm5hbWUiOiJIZWRpIEFiZGVsa2FmaSIsInByZWZlcnJlZF91c2VybmFtZSI6ImhlZGkuYWJkZWxrYWZpQHNpbWFjLmx1IiwiZ2l2ZW5fbmFtZSI6IkhlZGkiLCJmYW1pbHlfbmFtZSI6IkFiZGVsa2FmaSIsImVtYWlsIjoiaGVkaS5hYmRlbGthZmlAc2ltYWMubHUifQ.ibUtmuGZyQvwU6TQoF5nluxhX3zG8EOnn3y7wsnAaZ6ZQCHd_S2c0QofZ2NgQ0xZcb5Jv93mMizVj8BwvkPNHCpQMfcLOPRJV-Y8vTNJeuDqkiI-gju7Taf-pt_aqeqWX5HN8XSikEgvZUNPdaltrnYvU96j2x-UnfOarsbxX-ixUEJZ_LEwnp4WnRexqlf-RtcxIdNDUFlzzO27vQO-R-duDdndHFSUiTVEd23W52j7KwOGqqMjypqjhaTG496LVFy1eF8LXsAgr4FP8z266tCGOz3B6Huh0g6xV_q9_8lZPbc14Vq-VeRxMjUV-0UjI4YMWhYZfcejyueO6QS-Sg","content-length":"12291","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","content-type":"application/x-www-form-urlencoded","origin":"null","upgrade-insecure-requests":"1","sec-fetch-dest":"document","sec-fetch-mode":"navigate","sec-fetch-site":"same-site"},"remoteAddress":"100.64.4.156","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0"},"res":{"statusCode":500,"responseTime":176,"contentLength":9},"message":"POST /_opendistro/_security/saml/acs 500 176ms - 9.0B"}
Jan 23 08:22:12 wazuh-server opensearch-dashboards[21861]: {"type":"response","@timestamp":"2023-01-23T08:22:12Z","tags":[],"pid":21861,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"x-forwarded-for":"88.207.202.238","x-forwarded-proto":"https","x-forwarded-port":"443","host":"siem.simacpsf.cloud","x-amzn-trace-id":"Root=1-63ce43b4-0d055bd5592cb0a058a23e05","x-amzn-oidc-data":"eyJ0eXAiOiJKV1QiLCJraWQiOiI2NTg0OGMyZS1jNTViLTQ4NmMtODJjNi02Yzk4MjkwZGZhOTIiLCJhbGciOiJFUzI1NiIsImlzcyI6Imh0dHBzOi8vaWRwa2Muc2ltYWNwc2YuY2xvdWQvYXV0aC9yZWFsbXMvU0lNQUNQU0YiLCJjbGllbnQiOiJTSUVNIiwic2lnbmVyIjoiYXJuOmF3czplbGFzdGljbG9hZGJhbGFuY2luZzpldS1jZW50cmFsLTE6MDQ2OTY5NDA2MzY3OmxvYWRiYWxhbmNlci9hcHAvQzEtMUEtRUxCLVZQQy1GLVNBQVMvOTA1NDMzN2RkMzllYjY2ZCIsImV4cCI6MTY3NDQ2MjI1Mn0=.eyJzdWIiOiIxNDRkMTk5ZC0zNWEyLTQ3NmYtODNmNi01NGY3YTlmZTk4NjIiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsIm5hbWUiOiJIZWRpIEFiZGVsa2FmaSIsInByZWZlcnJlZF91c2VybmFtZSI6ImhlZGkuYWJkZWxrYWZpQHNpbWFjLmx1IiwiZ2l2ZW5fbmFtZSI6IkhlZGkiLCJmYW1pbHlfbmFtZSI6IkFiZGVsa2FmaSIsImVtYWlsIjoiaGVkaS5hYmRlbGthZmlAc2ltYWMubHUiLCJleHAiOjE2NzQ0NjIyNTIsImlzcyI6Imh0dHBzOi8vaWRwa2Muc2ltYWNwc2YuY2xvdWQvYXV0aC9yZWFsbXMvU0lNQUNQU0YifQ==.ug2Ttcs99ITFC4NcIMklxsGOh71Fs6vWPM5jO6MB-x_sj-1o4g8iqcWBdVkfnnxm6U4y6uRyasfWq1JB9pF-Og==","x-amzn-oidc-identity":"144d199d-35a2-476f-83f6-54f7a9fe9862","x-amzn-oidc-accesstoken":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI5cFNMR3MzalpkTEpTaUFGV25PMG5ZZm9uVlRPNlV6bFp2ZVM4c3dud2t3In0.eyJleHAiOjE2NzQ0NjU2NzEsImlhdCI6MTY3NDQ2MjA3MSwiYXV0aF90aW1lIjoxNjc0NDYyMDcxLCJqdGkiOiIxMmM2OWU4NC1iMmE0LTQzNjEtOWZiOS0xYmY2YTI3YzZkMGIiLCJpc3MiOiJodHRwczovL2lkcGtjLnNpbWFjcHNmLmNsb3VkL2F1dGgvcmVhbG1zL1NJTUFDUFNGIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6IjE0NGQxOTlkLTM1YTItNDc2Zi04M2Y2LTU0ZjdhOWZlOTg2MiIsInR5cCI6IkJlYXJlciIsImF6cCI6IlNJRU0iLCJzZXNzaW9uX3N0YXRlIjoiYThmZGNjMDYtZjIxNi00NTVhLWJjNTctNDEzMTA3MDYyZjM1IiwiYWNyIjoiMSIsInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJkZWZhdWx0LXJvbGVzLXNpbWFjcHNmIiwib2ZmbGluZV9hY2Nlc3MiLCJXQVpVSC1BRE1JTlMiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoib3BlbmlkIGVtYWlsIHByb2ZpbGUiLCJzaWQiOiJhOGZkY2MwNi1mMjE2LTQ1NWEtYmM1Ny00MTMxMDcwNjJmMzUiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsIm5hbWUiOiJIZWRpIEFiZGVsa2FmaSIsInByZWZlcnJlZF91c2VybmFtZSI6ImhlZGkuYWJkZWxrYWZpQHNpbWFjLmx1IiwiZ2l2ZW5fbmFtZSI6IkhlZGkiLCJmYW1pbHlfbmFtZSI6IkFiZGVsa2FmaSIsImVtYWlsIjoiaGVkaS5hYmRlbGthZmlAc2ltYWMubHUifQ.ibUtmuGZyQvwU6TQoF5nluxhX3zG8EOnn3y7wsnAaZ6ZQCHd_S2c0QofZ2NgQ0xZcb5Jv93mMizVj8BwvkPNHCpQMfcLOPRJV-Y8vTNJeuDqkiI-gju7Taf-pt_aqeqWX5HN8XSikEgvZUNPdaltrnYvU96j2x-UnfOarsbxX-ixUEJZ_LEwnp4WnRexqlf-RtcxIdNDUFlzzO27vQO-R-duDdndHFSUiTVEd23W52j7KwOGqqMjypqjhaTG496LVFy1eF8LXsAgr4FP8z266tCGOz3B6Huh0g6xV_q9_8lZPbc14Vq-VeRxMjUV-0UjI4YMWhYZfcejyueO6QS-Sg","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","upgrade-insecure-requests":"1","sec-fetch-dest":"document","sec-fetch-mode":"navigate","sec-fetch-site":"none","sec-fetch-user":"?1"},"remoteAddress":"100.64.4.156","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0"},"res":{"statusCode":302,"responseTime":5,"contentLength":9},"message":"GET / 302 5ms - 9.0B"}
Jan 23 08:22:12 wazuh-server opensearch-dashboards[21861]: {"type":"response","@timestamp":"2023-01-23T08:22:12Z","tags":[],"pid":21861,"method":"get","statusCode":302,"req":{"url":"/auth/saml/login?nextUrl=%2F","method":"get","headers":{"x-forwarded-for":"88.207.202.238","x-forwarded-proto":"https","x-forwarded-port":"443","host":"siem.simacpsf.cloud","x-amzn-trace-id":"Root=1-63ce43b4-77a1dc9d5b2eba7c55f49884","x-amzn-oidc-data":"eyJ0eXAiOiJKV1QiLCJraWQiOiI2NTg0OGMyZS1jNTViLTQ4NmMtODJjNi02Yzk4MjkwZGZhOTIiLCJhbGciOiJFUzI1NiIsImlzcyI6Imh0dHBzOi8vaWRwa2Muc2ltYWNwc2YuY2xvdWQvYXV0aC9yZWFsbXMvU0lNQUNQU0YiLCJjbGllbnQiOiJTSUVNIiwic2lnbmVyIjoiYXJuOmF3czplbGFzdGljbG9hZGJhbGFuY2luZzpldS1jZW50cmFsLTE6MDQ2OTY5NDA2MzY3OmxvYWRiYWxhbmNlci9hcHAvQzEtMUEtRUxCLVZQQy1GLVNBQVMvOTA1NDMzN2RkMzllYjY2ZCIsImV4cCI6MTY3NDQ2MjI1Mn0=.eyJzdWIiOiIxNDRkMTk5ZC0zNWEyLTQ3NmYtODNmNi01NGY3YTlmZTk4NjIiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsIm5hbWUiOiJIZWRpIEFiZGVsa2FmaSIsInByZWZlcnJlZF91c2VybmFtZSI6ImhlZGkuYWJkZWxrYWZpQHNpbWFjLmx1IiwiZ2l2ZW5fbmFtZSI6IkhlZGkiLCJmYW1pbHlfbmFtZSI6IkFiZGVsa2FmaSIsImVtYWlsIjoiaGVkaS5hYmRlbGthZmlAc2ltYWMubHUiLCJleHAiOjE2NzQ0NjIyNTIsImlzcyI6Imh0dHBzOi8vaWRwa2Muc2ltYWNwc2YuY2xvdWQvYXV0aC9yZWFsbXMvU0lNQUNQU0YifQ==.xVklO9OpLwkDuSMRkDlvNvJ-ztcvDhQB7gYDraO9erCFjyvjjpURq2dy3cK4IAn4pAQKbd7OS9m8V7O3lhxYDQ==","x-amzn-oidc-identity":"144d199d-35a2-476f-83f6-54f7a9fe9862","x-amzn-oidc-accesstoken":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI5cFNMR3MzalpkTEpTaUFGV25PMG5ZZm9uVlRPNlV6bFp2ZVM4c3dud2t3In0.eyJleHAiOjE2NzQ0NjU2NzEsImlhdCI6MTY3NDQ2MjA3MSwiYXV0aF90aW1lIjoxNjc0NDYyMDcxLCJqdGkiOiIxMmM2OWU4NC1iMmE0LTQzNjEtOWZiOS0xYmY2YTI3YzZkMGIiLCJpc3MiOiJodHRwczovL2lkcGtjLnNpbWFjcHNmLmNsb3VkL2F1dGgvcmVhbG1zL1NJTUFDUFNGIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6IjE0NGQxOTlkLTM1YTItNDc2Zi04M2Y2LTU0ZjdhOWZlOTg2MiIsInR5cCI6IkJlYXJlciIsImF6cCI6IlNJRU0iLCJzZXNzaW9uX3N0YXRlIjoiYThmZGNjMDYtZjIxNi00NTVhLWJjNTctNDEzMTA3MDYyZjM1IiwiYWNyIjoiMSIsInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJkZWZhdWx0LXJvbGVzLXNpbWFjcHNmIiwib2ZmbGluZV9hY2Nlc3MiLCJXQVpVSC1BRE1JTlMiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoib3BlbmlkIGVtYWlsIHByb2ZpbGUiLCJzaWQiOiJhOGZkY2MwNi1mMjE2LTQ1NWEtYmM1Ny00MTMxMDcwNjJmMzUiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsIm5hbWUiOiJIZWRpIEFiZGVsa2FmaSIsInByZWZlcnJlZF91c2VybmFtZSI6ImhlZGkuYWJkZWxrYWZpQHNpbWFjLmx1IiwiZ2l2ZW5fbmFtZSI6IkhlZGkiLCJmYW1pbHlfbmFtZSI6IkFiZGVsa2FmaSIsImVtYWlsIjoiaGVkaS5hYmRlbGthZmlAc2ltYWMubHUifQ.ibUtmuGZyQvwU6TQoF5nluxhX3zG8EOnn3y7wsnAaZ6ZQCHd_S2c0QofZ2NgQ0xZcb5Jv93mMizVj8BwvkPNHCpQMfcLOPRJV-Y8vTNJeuDqkiI-gju7Taf-pt_aqeqWX5HN8XSikEgvZUNPdaltrnYvU96j2x-UnfOarsbxX-ixUEJZ_LEwnp4WnRexqlf-RtcxIdNDUFlzzO27vQO-R-duDdndHFSUiTVEd23W52j7KwOGqqMjypqjhaTG496LVFy1eF8LXsAgr4FP8z266tCGOz3B6Huh0g6xV_q9_8lZPbc14Vq-VeRxMjUV-0UjI4YMWhYZfcejyueO6QS-Sg","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","upgrade-insecure-requests":"1","sec-fetch-dest":"document","sec-fetch-mode":"navigate","sec-fetch-site":"none","sec-fetch-user":"?1"},"remoteAddress":"100.64.4.156","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0"},"res":{"statusCode":302,"responseTime":6,"contentLength":9},"message":"GET /auth/saml/login?nextUrl=%2F 302 6ms - 9.0B"}
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: { Error: Authentication Exception
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: at respond (/usr/share/wazuh-dashboard/node_modules/elasticsearch/src/lib/transport.js:349:15)
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: at checkRespForFailure (/usr/share/wazuh-dashboard/node_modules/elasticsearch/src/lib/transport.js:306:7)
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: at HttpConnector.<anonymous> (/usr/share/wazuh-dashboard/node_modules/elasticsearch/src/lib/connectors/http.js:173:7)
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: at IncomingMessage.wrapper (/usr/share/wazuh-dashboard/node_modules/lodash/lodash.js:4991:19)
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: at IncomingMessage.emit (events.js:203:15)
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: at endReadableNT (_stream_readable.js:1145:12)
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: at process._tickCallback (internal/process/next_tick.js:63:19)
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: status: 401,
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: displayName: 'AuthenticationException',
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: message: 'Authentication Exception',
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: path: '/_plugins/_security/api/authtoken',
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: query: {},
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: body: undefined,
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: statusCode: 401,
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: response: '',
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: wwwAuthenticateDirective:
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: 'X-Security-IdP realm="OpenSearch Security" location="https://idpkc.simacpsf.cloud/auth/realms/SIMACPSF/protocol/saml?SAMLRequest=fZJrT8MgFIb%2FSsP3jl7UGbItqZuXJnNr7NRkXxZKz5TYQuWAun8vdhovifsGh%2FMe3ueFEfK26Vjm7KO6gWcHaIO3tlHI%2BoMxcUYxzVEiU7wFZFawMrues2QQsc5oq4VuyA%2FJYQVHBGOlViTIZ2OyXJzPl5f5YsMrDnyYpGEKVR0enURxWCX8JKxEfJwOIUqHRzEJ7sCg146JH%2BUHIDrIFVqurC9FXu1lSbqKTlmSsDhdk2DmeaTitlc9Wtsho1TW3ZMYoGy56HA7EI12NeU%2BAWqANy3SMr%2FOpkV5Qb8A6QcZCYrP7ZlUtVQPh1GrfROyq9WqCItluSJB9oU%2F1QpdC6YE8yIF3N7Mv%2B2hhPavu43uwI9DazTdIAhnpN31rigXSCajjyXrEzGT%2B2x9ezWiP0uj%2FTMvvMt8VuhGil1woU3L7f8Q8SDuK7IOt30rcwo7EHIrofYsTaNfpz4xC2NijQMS0Mn%2B1t%2F%2FafIO" requestId="ONELOGIN_abaea723-3ebd-4601-b2a6-bc1537e03741"',
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: toString: [Function],
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: toJSON: [Function],
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: isBoom: true,
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: isServer: false,
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: data: null,
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: output:
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: { statusCode: 401,
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: payload:
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: { statusCode: 401,
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: error: 'Unauthorized',
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: message: 'Authentication Exception' },
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: headers:
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: { 'WWW-Authenticate': 'Basic realm="Authorization Required"' } },
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: reformat: [Function],
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: [Symbol(OpenSearchError)]: 'OpenSearch/notAuthorized' }
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: {"type":"log","@timestamp":"2023-01-23T08:22:13Z","tags":["error","plugins","securityDashboards"],"pid":21861,"message":"SAML SP initiated authentication workflow failed: Error: failed to get token"}
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: {"type":"error","@timestamp":"2023-01-23T08:22:12Z","tags":[],"pid":21861,"level":"error","error":{"message":"Internal Server Error","name":"Error","stack":"Error: Internal Server Error\n at HapiResponseAdapter.toError (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:145:19)\n at HapiResponseAdapter.toHapiResponse (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:99:19)\n at HapiResponseAdapter.handle (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:94:17)\n at Router.handle (/usr/share/wazuh-dashboard/src/core/server/http/router/router.js:164:34)\n at process._tickCallback (internal/process/next_tick.js:68:7)"},"url":{"protocol":null,"slashes":null,"auth":null,"host":null,"port":null,"hostname":null,"hash":null,"search":null,"query":{},"pathname":"/_opendistro/_security/saml/acs","path":"/_opendistro/_security/saml/acs","href":"/_opendistro/_security/saml/acs"},"message":"Internal Server Error"}
Jan 23 08:22:13 wazuh-server opensearch-dashboards[21861]: {"type":"response","@timestamp":"2023-01-23T08:22:12Z","tags":[],"pid":21861,"method":"post","statusCode":500,"req":{"url":"/_opendistro/_security/saml/acs","method":"post","headers":{"x-forwarded-for":"88.207.202.238","x-forwarded-proto":"https","x-forwarded-port":"443","host":"siem.simacpsf.cloud","x-amzn-trace-id":"Root=1-63ce43b4-09b8315f3fec7a573f3d390c","x-amzn-oidc-data":"eyJ0eXAiOiJKV1QiLCJraWQiOiI2NTg0OGMyZS1jNTViLTQ4NmMtODJjNi02Yzk4MjkwZGZhOTIiLCJhbGciOiJFUzI1NiIsImlzcyI6Imh0dHBzOi8vaWRwa2Muc2ltYWNwc2YuY2xvdWQvYXV0aC9yZWFsbXMvU0lNQUNQU0YiLCJjbGllbnQiOiJTSUVNIiwic2lnbmVyIjoiYXJuOmF3czplbGFzdGljbG9hZGJhbGFuY2luZzpldS1jZW50cmFsLTE6MDQ2OTY5NDA2MzY3OmxvYWRiYWxhbmNlci9hcHAvQzEtMUEtRUxCLVZQQy1GLVNBQVMvOTA1NDMzN2RkMzllYjY2ZCIsImV4cCI6MTY3NDQ2MjI1Mn0=.eyJzdWIiOiIxNDRkMTk5ZC0zNWEyLTQ3NmYtODNmNi01NGY3YTlmZTk4NjIiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsIm5hbWUiOiJIZWRpIEFiZGVsa2FmaSIsInByZWZlcnJlZF91c2VybmFtZSI6ImhlZGkuYWJkZWxrYWZpQHNpbWFjLmx1IiwiZ2l2ZW5fbmFtZSI6IkhlZGkiLCJmYW1pbHlfbmFtZSI6IkFiZGVsa2FmaSIsImVtYWlsIjoiaGVkaS5hYmRlbGthZmlAc2ltYWMubHUiLCJleHAiOjE2NzQ0NjIyNTIsImlzcyI6Imh0dHBzOi8vaWRwa2Muc2ltYWNwc2YuY2xvdWQvYXV0aC9yZWFsbXMvU0lNQUNQU0YifQ==.y6_7zJwGYL0Wd8BURQB8g3z1xE7sUmMof0YSKhyvz-ujGMVo7H-kXR22ZvuCLzphQ60s9Ge30SSxM-TOjgDW0w==","x-amzn-oidc-identity":"144d199d-35a2-476f-83f6-54f7a9fe9862","x-amzn-oidc-accesstoken":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI5cFNMR3MzalpkTEpTaUFGV25PMG5ZZm9uVlRPNlV6bFp2ZVM4c3dud2t3In0.eyJleHAiOjE2NzQ0NjU2NzEsImlhdCI6MTY3NDQ2MjA3MSwiYXV0aF90aW1lIjoxNjc0NDYyMDcxLCJqdGkiOiIxMmM2OWU4NC1iMmE0LTQzNjEtOWZiOS0xYmY2YTI3YzZkMGIiLCJpc3MiOiJodHRwczovL2lkcGtjLnNpbWFjcHNmLmNsb3VkL2F1dGgvcmVhbG1zL1NJTUFDUFNGIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6IjE0NGQxOTlkLTM1YTItNDc2Zi04M2Y2LTU0ZjdhOWZlOTg2MiIsInR5cCI6IkJlYXJlciIsImF6cCI6IlNJRU0iLCJzZXNzaW9uX3N0YXRlIjoiYThmZGNjMDYtZjIxNi00NTVhLWJjNTctNDEzMTA3MDYyZjM1IiwiYWNyIjoiMSIsInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJkZWZhdWx0LXJvbGVzLXNpbWFjcHNmIiwib2ZmbGluZV9hY2Nlc3MiLCJXQVpVSC1BRE1JTlMiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoib3BlbmlkIGVtYWlsIHByb2ZpbGUiLCJzaWQiOiJhOGZkY2MwNi1mMjE2LTQ1NWEtYmM1Ny00MTMxMDcwNjJmMzUiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsIm5hbWUiOiJIZWRpIEFiZGVsa2FmaSIsInByZWZlcnJlZF91c2VybmFtZSI6ImhlZGkuYWJkZWxrYWZpQHNpbWFjLmx1IiwiZ2l2ZW5fbmFtZSI6IkhlZGkiLCJmYW1pbHlfbmFtZSI6IkFiZGVsa2FmaSIsImVtYWlsIjoiaGVkaS5hYmRlbGthZmlAc2ltYWMubHUifQ.ibUtmuGZyQvwU6TQoF5nluxhX3zG8EOnn3y7wsnAaZ6ZQCHd_S2c0QofZ2NgQ0xZcb5Jv93mMizVj8BwvkPNHCpQMfcLOPRJV-Y8vTNJeuDqkiI-gju7Taf-pt_aqeqWX5HN8XSikEgvZUNPdaltrnYvU96j2x-UnfOarsbxX-ixUEJZ_LEwnp4WnRexqlf-RtcxIdNDUFlzzO27vQO-R-duDdndHFSUiTVEd23W52j7KwOGqqMjypqjhaTG496LVFy1eF8LXsAgr4FP8z266tCGOz3B6Huh0g6xV_q9_8lZPbc14Vq-VeRxMjUV-0UjI4YMWhYZfcejyueO6QS-Sg","content-length":"12291","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","content-type":"application/x-www-form-urlencoded","origin":"null","upgrade-insecure-requests":"1","sec-fetch-dest":"document","sec-fetch-mode":"navigate","sec-fetch-site":"same-site"},"remoteAddress":"100.64.4.156","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0"},"res":{"statusCode":500,"responseTime":176,"contentLength":9},"message":"POST /_opendistro/_security/saml/acs 500 176ms - 9.0B"}
Any idea ??
Message has been deleted
Gustavo Choquevilca
Feb 6, 2023, 12:48:01 PM2/6/23
to Wazuh mailing list
Hello, sorry for the delay in responding (I was on vacation)
Still, having the same problem?
You can share with me the yml files: config, roles_mapping, and opensearch_dashboards (the latter may have another name depending on the version of Wazuh).
The problem may be in the bad configuration of these files for SAML.
Regards,
Gustavo.
Still, having the same problem?
You can share with me the yml files: config, roles_mapping, and opensearch_dashboards (the latter may have another name depending on the version of Wazuh).
The problem may be in the bad configuration of these files for SAML.
Regards,
Gustavo.
Reply all
Reply to author
Forward
0 new messages