Google SSO Certificate Update


Khul Sat

Apr 1, 2024, 11:05:24 PM
to Wazuh | Mailing List

Greetings!
Recently our Google Workspace certificate expired. This resulted in the Wazuh Dashboard becoming inaccessible.

The 400 error we are getting is - Error: malformed_certificate.

We are running Wazuh v4.3, which is deployed on an AWS EKS cluster.
Referring to this document, I downloaded a new Google_Metadata.xml and updated it under `../wazuh-kubernetes/wazuh/indexer_stack/wazuh-indexer/indexer_conf/`. The suggested changes were also made in `../wazuh-kubernetes/wazuh/indexer_stack/wazuh-indexer/indexer_conf/config.yml` as mentioned in the above document.
`/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/Google_Metadata.xml` and `/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/config.yml` could be seen as updated after the pod restart. However, the error remains the same.
The securityadmin script was not run, thinking that the pod restart will wipe out the changes. roles_mapping.yml on the Indexer and wazuh.yml on the Dashboard were kept unchanged as these were modified during the initial SSO configuration.

Is there anything I am missing?

Please advise.
Thanks & Regards, KS

Openime Oniagbi

Apr 2, 2024, 4:23:03 AM
to Wazuh | Mailing List
Hi Khul,

You must run the securityadmin script to load the configuration changes made in the config.yml file. It is mentioned in the documentation. I recommend you follow the steps in the documentation from the beginning as closely as possible to update the details.

Khul Sat

Apr 3, 2024, 1:18:33 AM
to Wazuh | Mailing List
Thank you for your input, Openime Oniagbi!
One query though, which I mentioned in my earlier post: if the pods restart, will these changes persist?

Openime Oniagbi

Apr 3, 2024, 6:47:20 AM
to Wazuh | Mailing List
Did it restart when you performed the initial setup?

Khul Sat

Apr 3, 2024, 9:04:44 AM
to Wazuh | Mailing List
Hi,
I am considering the worst-case scenario, or say, a maintenance activity wherein I need to restart the Indexer pods. What would be the scenario in that case?

Khul Sat

Apr 3, 2024, 10:17:57 AM
to Wazuh | Mailing List
Hello,
I am facing a little challenge identifying `roles_mapping.yml`.
`/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles_mapping.yml` is present under the Indexer pods; however, I think this file is the default one, hence the SSO login is not working?

Openime Oniagbi

Apr 4, 2024, 4:39:20 PM
to Wazuh | Mailing List
I don't think there will be a need to restart the pods.

As for the roles_mapping.yml file, you are supposed to edit it. I urge you to follow the documentation as closely as possible and let me know if you have any issues when you do.
