Enabling multi-authentication options


Daniel Chung

Apr 24, 2023, 10:17:55 AM
to Wazuh mailing list
Hi,

I upgraded the Wazuh Indexer and Dashboard to version 4.4 and tried to follow this guide to set up multi-auth, but the Wazuh dashboard does not support this feature, as the service failed to start if it has these two configs:
opensearch_security.auth.type: ["basicauth","saml"]
opensearch_security.auth.multiple_auth_enabled: true

This feature has been available since OpenSearch 2.4. I would appreciate it if a guideline for enabling this feature could be provided by Wazuh.

Nicolas Curioni

Apr 26, 2023, 8:39:50 AM
to Wazuh mailing list
Hello Daniel, 

Thanks for sharing your doubts with the community. 

Could you please share the errors that you are getting when you change these configurations? 

I've just replicated this and modified the /etc/wazuh-dashboard/opensearch_dashboards.yml file, adding these two lines: 

opensearch_security.auth.type: ["basicauth","saml"]
opensearch_security.auth.multiple_auth_enabled: true


After this, I restarted the Wazuh-dashboard service, and it started without showing any errors. In addition to this, a sign-on option was added to the Wazuh login screen: 

[Attached screenshot: Captura de pantalla 2023-04-26 a la(s) 09.36.03.png]

Looking forward to hearing from you. 

Best regards.

Daniel Chung

Apr 26, 2023, 6:36:13 PM
to Wazuh mailing list
Hi Nicolas,

Thanks for your reply. Since you tested that it should be working, I retried and finally got the Wazuh login screen to show the SSO login option. Interestingly, I had to remove the "tab" before those two lines to make it work.
However, after I logged in via SSO, no agents were showing up on the dashboard, even though I had the role mapping configured to "all_access" already. The dashboard returned the permission error below:

Error: 3013 - Permission denied: Resource type: *:*
    at createError (https://<wazuh>.com/44101/bundles/plugin/wazuh/wazuh.plugin.js:2:28658)
    at settle (https://<wazuh>.com/44101/bundles/plugin/wazuh/wazuh.plugin.js:8:19613)
    at XMLHttpRequest.onloadend (https://<wazuh>.com/44101/bundles/plugin/wazuh/wazuh.plugin.js:2:26451)

My logged-in ID was mapped to the roles "own_index" and "all_access", while the backend role was mapped to the correct role created on AD.

Any ideas?

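
The start-up failure in this thread went away once the tab in front of the two settings was removed. A small check for that condition, as an added example that is not part of the original thread or of Wazuh's own tooling; the function name `lint_multi_auth` and the sample strings are constructed here:

```python
import json
import re

# The two settings quoted in the thread.
TYPE_KEY = "opensearch_security.auth.type"
MULTI_KEY = "opensearch_security.auth.multiple_auth_enabled"

def lint_multi_auth(text):
    """Return (line_number, message) findings for the two multi-auth settings."""
    findings, values = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        body = raw.lstrip(" \t")
        m = re.match(r"([\w.]+)\s*:\s*(.*)$", body)
        if not m or m.group(1) not in (TYPE_KEY, MULTI_KEY):
            continue  # comments and unrelated settings are ignored
        key, indent = m.group(1), raw[:len(raw) - len(body)]
        if "\t" in indent:
            findings.append((n, f"{key}: tab before key (YAML forbids tab indentation)"))
        elif indent:
            findings.append((n, f"{key}: indented with spaces, expected at column 1"))
        values[key] = m.group(2).strip()
    for key in (TYPE_KEY, MULTI_KEY):
        if key not in values:
            findings.append((0, f"{key}: not set"))
    # Consistency check chosen for this example: the thread enables both together.
    if TYPE_KEY in values and values.get(MULTI_KEY) == "true":
        try:
            types = json.loads(values[TYPE_KEY])
        except ValueError:
            types = values[TYPE_KEY]
        if not isinstance(types, list) or len(types) < 2:
            findings.append((0, "multiple_auth_enabled is true but fewer than two auth types are listed"))
    return findings

# Constructed sample: the same two lines, once tab-indented and once clean.
BROKEN = ('\topensearch_security.auth.type: ["basicauth","saml"]\n'
          '\topensearch_security.auth.multiple_auth_enabled: true\n')
FIXED = BROKEN.replace("\t", "")

if __name__ == "__main__":
    for name, sample in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint_multi_auth(sample) or "no findings")
```

To check a real file, pass the contents of /etc/wazuh-dashboard/opensearch_dashboards.yml to `lint_multi_auth` before restarting the service.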