Entra mfa/sso configuration
20 views
Skip to first unread message
dwight c
Feb 20, 2026, 1:13:18 AM (4 days ago) Feb 20
to Wazuh | Mailing List
I feel like i'm really close on fixing it. but i keep getting :
{"statusCode":500,"error":"Internal Server Error","message":"Internal Error"}
on the final step need help troubleshooting
systemctl status wazuh-manager
systemctl status wazuh-indexer
systemctl status wazuh-dashboard
systemctl status filebeat
● wazuh-manager.service - Wazuh manager
Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; preset: disabled)
Active: active (running) since Thu 2026-02-19 23:03:58 UTC; 7min ago
Process: 720847 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
Tasks: 358 (limit: 410999)
Memory: 6.7G (peak: 6.8G)
CPU: 53.759s
CGroup: /system.slice/wazuh-manager.service
├─721004 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─721005 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─721006 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─721009 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─721012 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─721058 /var/ossec/bin/wazuh-authd
├─721071 /var/ossec/bin/wazuh-db
├─721118 /var/ossec/bin/wazuh-execd
├─721130 /var/ossec/bin/wazuh-analysisd
├─721140 /var/ossec/bin/wazuh-syscheckd
├─721154 /var/ossec/bin/wazuh-remoted
├─721354 /var/ossec/bin/wazuh-logcollector
├─721371 /var/ossec/bin/wazuh-monitord
└─721381 /var/ossec/bin/wazuh-modulesd
Feb 19 23:03:55 #### env[720847]: Started wazuh-syscheckd...
Feb 19 23:03:56 #### env[720847]: Started wazuh-remoted...
Feb 19 23:03:56 #### env[720847]: Started wazuh-logcollector...
Feb 19 23:03:56 #### env[720847]: Started wazuh-monitord...
Feb 19 23:03:56 #### env[721379]: 2026/02/19 23:03:56 wazuh-modulesd:router: INFO: Loaded router module.
Feb 19 23:03:56 #### env[721379]: 2026/02/19 23:03:56 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Feb 19 23:03:56 #### env[721379]: 2026/02/19 23:03:56 wazuh-modulesd:inventory-harvester: INFO: Loaded Inventory harvester module.
Feb 19 23:03:56 #### env[720847]: Started wazuh-modulesd...
Feb 19 23:03:58 #### env[720847]: Completed.
Feb 19 23:03:58 #### systemd[1]: Started Wazuh manager.
● wazuh-indexer.service - wazuh-indexer
Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
Active: active (running) since Thu 2026-02-19 23:04:02 UTC; 7min ago
Docs: https://documentation.wazuh.com
Main PID: 720660 (java)
Tasks: 166 (limit: 410999)
Memory: 1.7G (peak: 1.8G)
CPU: 1min 38.552s
CGroup: /system.slice/wazuh-indexer.service
└─720660 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.en>
Feb 19 23:03:52 #### systemd-entrypoint[720660]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.19.3.jar)
Feb 19 23:03:52 #### systemd-entrypoint[720660]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Feb 19 23:03:52 #### systemd-entrypoint[720660]: WARNING: System::setSecurityManager will be removed in a future release
Feb 19 23:03:52 #### systemd-entrypoint[720660]: Feb 19, 2026 11:03:52 PM sun.util.locale.provider.LocaleProviderAdapter <clinit>
Feb 19 23:03:52 #### systemd-entrypoint[720660]: WARNING: COMPAT locale provider will be removed in a future release
Feb 19 23:03:53 #### systemd-entrypoint[720660]: WARNING: A terminally deprecated method in java.lang.System has been called
Feb 19 23:03:53 #### systemd-entrypoint[720660]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.19.3.jar)
Feb 19 23:03:53 #### systemd-entrypoint[720660]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Feb 19 23:03:53 #### systemd-entrypoint[720660]: WARNING: System::setSecurityManager will be removed in a future release
Feb 19 23:04:02 #### systemd[1]: Started wazuh-indexer.
● wazuh-dashboard.service - wazuh-dashboard
Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; preset: disabled)
Active: active (running) since Thu 2026-02-19 23:03:50 UTC; 8min ago
Main PID: 720661 (node)
Tasks: 11 (limit: 410999)
Memory: 190.8M (peak: 236.4M)
CPU: 8.075s
CGroup: /system.slice/wazuh-dashboard.service
└─720661 /usr/share/wazuh-dashboard/node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist
Feb 19 23:11:59 #### opensearch-dashboards[720661]: {"type":"ops","@timestamp":"2026-02-19T23:11:59Z","tags":[],"pid":720661,"os":{"load":[0.03,0.34,0.28],"mem":{"total":67418681344,"free":59232260096},"uptime":>
Feb 19 23:11:59 #### opensearch-dashboards[720661]: {"type":"log","@timestamp":"2026-02-19T23:11:59Z","tags":["debug","metrics"],"pid":720661,"message":"Refreshing metrics"}
Feb 19 23:12:04 #### opensearch-dashboards[720661]: {"type":"ops","@timestamp":"2026-02-19T23:12:04Z","tags":[],"pid":720661,"os":{"load":[0.03,0.33,0.28],"mem":{"total":67418681344,"free":59235434496},"uptime":>
Feb 19 23:12:04 #### opensearch-dashboards[720661]: {"type":"log","@timestamp":"2026-02-19T23:12:04Z","tags":["debug","metrics"],"pid":720661,"message":"Refreshing metrics"}
Feb 19 23:12:09 #### opensearch-dashboards[720661]: {"type":"ops","@timestamp":"2026-02-19T23:12:09Z","tags":[],"pid":720661,"os":{"load":[0.02,0.32,0.28],"mem":{"total":67418681344,"free":59239899136},"uptime":>
Feb 19 23:12:09 #### opensearch-dashboards[720661]: {"type":"log","@timestamp":"2026-02-19T23:12:09Z","tags":["debug","metrics"],"pid":720661,"message":"Refreshing metrics"}
Feb 19 23:12:14 #### opensearch-dashboards[720661]: {"type":"ops","@timestamp":"2026-02-19T23:12:14Z","tags":[],"pid":720661,"os":{"load":[0.02,0.32,0.28],"mem":{"total":67418681344,"free":59244326912},"uptime":>
Feb 19 23:12:14 #### opensearch-dashboards[720661]: {"type":"log","@timestamp":"2026-02-19T23:12:14Z","tags":["debug","metrics"],"pid":720661,"message":"Refreshing metrics"}
Feb 19 23:12:19 #### opensearch-dashboards[720661]: {"type":"ops","@timestamp":"2026-02-19T23:12:19Z","tags":[],"pid":720661,"os":{"load":[0.02,0.31,0.28],"mem":{"total":67418681344,"free":59247038464},"uptime":>
Feb 19 23:12:19 #### opensearch-dashboards[720661]: {"type":"log","@timestamp":"2026-02-19T23:12:19Z","tags":["debug","metrics"],"pid":720661,"message":"Refreshing metrics"}
● filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
Loaded: loaded (/usr/lib/systemd/system/filebeat.service; enabled; preset: disabled)
Active: active (running) since Wed 2025-11-26 16:32:45 UTC; 2 months 24 days ago
Docs: https://www.elastic.co/products/beats/filebeat
Main PID: 86749 (filebeat)
Tasks: 23 (limit: 410999)
Memory: 39.6M (peak: 41.7M)
CPU: 11min 30.016s
CGroup: /system.slice/filebeat.service
└─86749 /usr/share/filebeat/bin/filebeat --environment systemd -c /etc/filebeat/filebeat.yml --path.home /usr/share/filebeat --path.config /etc/filebeat --path.data /var/lib/filebeat --path.logs /var/log/filebeat
{"statusCode":500,"error":"Internal Server Error","message":"Internal Error"}
on the final step need help troubleshooting
systemctl status wazuh-manager
systemctl status wazuh-indexer
systemctl status wazuh-dashboard
systemctl status filebeat
● wazuh-manager.service - Wazuh manager
Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; preset: disabled)
Active: active (running) since Thu 2026-02-19 23:03:58 UTC; 7min ago
Process: 720847 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
Tasks: 358 (limit: 410999)
Memory: 6.7G (peak: 6.8G)
CPU: 53.759s
CGroup: /system.slice/wazuh-manager.service
├─721004 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─721005 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─721006 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─721009 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─721012 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh_apid.py
├─721058 /var/ossec/bin/wazuh-authd
├─721071 /var/ossec/bin/wazuh-db
├─721118 /var/ossec/bin/wazuh-execd
├─721130 /var/ossec/bin/wazuh-analysisd
├─721140 /var/ossec/bin/wazuh-syscheckd
├─721154 /var/ossec/bin/wazuh-remoted
├─721354 /var/ossec/bin/wazuh-logcollector
├─721371 /var/ossec/bin/wazuh-monitord
└─721381 /var/ossec/bin/wazuh-modulesd
Feb 19 23:03:55 #### env[720847]: Started wazuh-syscheckd...
Feb 19 23:03:56 #### env[720847]: Started wazuh-remoted...
Feb 19 23:03:56 #### env[720847]: Started wazuh-logcollector...
Feb 19 23:03:56 #### env[720847]: Started wazuh-monitord...
Feb 19 23:03:56 #### env[721379]: 2026/02/19 23:03:56 wazuh-modulesd:router: INFO: Loaded router module.
Feb 19 23:03:56 #### env[721379]: 2026/02/19 23:03:56 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Feb 19 23:03:56 #### env[721379]: 2026/02/19 23:03:56 wazuh-modulesd:inventory-harvester: INFO: Loaded Inventory harvester module.
Feb 19 23:03:56 #### env[720847]: Started wazuh-modulesd...
Feb 19 23:03:58 #### env[720847]: Completed.
Feb 19 23:03:58 #### systemd[1]: Started Wazuh manager.
● wazuh-indexer.service - wazuh-indexer
Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
Active: active (running) since Thu 2026-02-19 23:04:02 UTC; 7min ago
Docs: https://documentation.wazuh.com
Main PID: 720660 (java)
Tasks: 166 (limit: 410999)
Memory: 1.7G (peak: 1.8G)
CPU: 1min 38.552s
CGroup: /system.slice/wazuh-indexer.service
└─720660 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.en>
Feb 19 23:03:52 #### systemd-entrypoint[720660]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.19.3.jar)
Feb 19 23:03:52 #### systemd-entrypoint[720660]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Feb 19 23:03:52 #### systemd-entrypoint[720660]: WARNING: System::setSecurityManager will be removed in a future release
Feb 19 23:03:52 #### systemd-entrypoint[720660]: Feb 19, 2026 11:03:52 PM sun.util.locale.provider.LocaleProviderAdapter <clinit>
Feb 19 23:03:52 #### systemd-entrypoint[720660]: WARNING: COMPAT locale provider will be removed in a future release
Feb 19 23:03:53 #### systemd-entrypoint[720660]: WARNING: A terminally deprecated method in java.lang.System has been called
Feb 19 23:03:53 #### systemd-entrypoint[720660]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.19.3.jar)
Feb 19 23:03:53 #### systemd-entrypoint[720660]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Feb 19 23:03:53 #### systemd-entrypoint[720660]: WARNING: System::setSecurityManager will be removed in a future release
Feb 19 23:04:02 #### systemd[1]: Started wazuh-indexer.
● wazuh-dashboard.service - wazuh-dashboard
Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; preset: disabled)
Active: active (running) since Thu 2026-02-19 23:03:50 UTC; 8min ago
Main PID: 720661 (node)
Tasks: 11 (limit: 410999)
Memory: 190.8M (peak: 236.4M)
CPU: 8.075s
CGroup: /system.slice/wazuh-dashboard.service
└─720661 /usr/share/wazuh-dashboard/node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist
Feb 19 23:11:59 #### opensearch-dashboards[720661]: {"type":"ops","@timestamp":"2026-02-19T23:11:59Z","tags":[],"pid":720661,"os":{"load":[0.03,0.34,0.28],"mem":{"total":67418681344,"free":59232260096},"uptime":>
Feb 19 23:11:59 #### opensearch-dashboards[720661]: {"type":"log","@timestamp":"2026-02-19T23:11:59Z","tags":["debug","metrics"],"pid":720661,"message":"Refreshing metrics"}
Feb 19 23:12:04 #### opensearch-dashboards[720661]: {"type":"ops","@timestamp":"2026-02-19T23:12:04Z","tags":[],"pid":720661,"os":{"load":[0.03,0.33,0.28],"mem":{"total":67418681344,"free":59235434496},"uptime":>
Feb 19 23:12:04 #### opensearch-dashboards[720661]: {"type":"log","@timestamp":"2026-02-19T23:12:04Z","tags":["debug","metrics"],"pid":720661,"message":"Refreshing metrics"}
Feb 19 23:12:09 #### opensearch-dashboards[720661]: {"type":"ops","@timestamp":"2026-02-19T23:12:09Z","tags":[],"pid":720661,"os":{"load":[0.02,0.32,0.28],"mem":{"total":67418681344,"free":59239899136},"uptime":>
Feb 19 23:12:09 #### opensearch-dashboards[720661]: {"type":"log","@timestamp":"2026-02-19T23:12:09Z","tags":["debug","metrics"],"pid":720661,"message":"Refreshing metrics"}
Feb 19 23:12:14 #### opensearch-dashboards[720661]: {"type":"ops","@timestamp":"2026-02-19T23:12:14Z","tags":[],"pid":720661,"os":{"load":[0.02,0.32,0.28],"mem":{"total":67418681344,"free":59244326912},"uptime":>
Feb 19 23:12:14 #### opensearch-dashboards[720661]: {"type":"log","@timestamp":"2026-02-19T23:12:14Z","tags":["debug","metrics"],"pid":720661,"message":"Refreshing metrics"}
Feb 19 23:12:19 #### opensearch-dashboards[720661]: {"type":"ops","@timestamp":"2026-02-19T23:12:19Z","tags":[],"pid":720661,"os":{"load":[0.02,0.31,0.28],"mem":{"total":67418681344,"free":59247038464},"uptime":>
Feb 19 23:12:19 #### opensearch-dashboards[720661]: {"type":"log","@timestamp":"2026-02-19T23:12:19Z","tags":["debug","metrics"],"pid":720661,"message":"Refreshing metrics"}
● filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
Loaded: loaded (/usr/lib/systemd/system/filebeat.service; enabled; preset: disabled)
Active: active (running) since Wed 2025-11-26 16:32:45 UTC; 2 months 24 days ago
Docs: https://www.elastic.co/products/beats/filebeat
Main PID: 86749 (filebeat)
Tasks: 23 (limit: 410999)
Memory: 39.6M (peak: 41.7M)
CPU: 11min 30.016s
CGroup: /system.slice/filebeat.service
└─86749 /usr/share/filebeat/bin/filebeat --environment systemd -c /etc/filebeat/filebeat.yml --path.home /usr/share/filebeat --path.config /etc/filebeat --path.data /var/lib/filebeat --path.logs /var/log/filebeat
Nikhil Gurjar
Feb 20, 2026, 6:06:02 AM (4 days ago) Feb 20
to Wazuh | Mailing List
Hi
dwight c,
Looking forward to your update.
Best regards,
Nikhil
Just to confirm—are you seeing the status 500, Internal Server Error after the Microsoft Entra ID login page?
If yes, this typically indicates that the Redirect URL is not configured correctly in Entra ID. Additionally, please check your config.yml file to ensure the Kibana URL path is correctly configured.
To help us investigate further, could you please share the relevant logs from your environment using the commands below: (Reference documentation: https://documentation.wazuh.com/current/user-manual/user-administration/single-sign-on/administrator/microsoft-entra-id.html)
journalctl -u wazuh-dashboard | grep -iE 'err|warn|fail'
cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -iE 'err|warn|fail'
cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -iE 'err|warn|fail'
Looking forward to your update.
Best regards,
Nikhil
dwight c
Feb 20, 2026, 8:49:18 AM (4 days ago) Feb 20
to Wazuh | Mailing List
I got it to work. The issue was in the Config file, I was missing
authentication_backend: type: noop under the saml_auth_domain section
Nikhil Gurjar
Feb 22, 2026, 11:33:47 PM (2 days ago) Feb 22
to Wazuh | Mailing List
Hi dwight c,
Glad to hear that it is working as expected. Please don't hesitate to contact us if you've encountered any other issues.
Best regards,
Nikhil
Glad to hear that it is working as expected. Please don't hesitate to contact us if you've encountered any other issues.
Best regards,
Nikhil
Reply all
Reply to author
Forward
0 new messages