Okta > Wazuh SSO Question

Steven Paugh

Jun 12, 2023, 1:19:58 PM
to Wazuh mailing list
Hello Team,

Working on a new Wazuh cluster and cannot get past a 500 server error on our IdP-initiated SSO setup via Okta.


Here are our current configs that have been scrubbed:
Indexer(s) : /etc/wazuh-indexer/opensearch-security/config.yml
 authc:
      kerberos_auth_domain:
        http_enabled: false
        transport_enabled: false
        order: 6
        http_authenticator:
          type: kerberos
          challenge: true
          config:
            # If true a lot of kerberos/security related debugging output will be logged to standard out
            krb_debug: false
            # If true then the realm will be stripped from the user name
            strip_realm_from_principal: true
        authentication_backend:
          type: noop
      basic_internal_auth_domain:
        description: "Authenticate via HTTP Basic against internal users database"
        http_enabled: true
        transport_enabled: true
        order: 0
        http_authenticator:
          type: basic
          challenge: false
        authentication_backend:
          type: intern
      saml_auth_domain:
        http_enabled: true
        transport_enabled: false
        order: 1
        http_authenticator:
          type: saml
          challenge: true
          config:
            idp:
              metadata_url: >-
                '$URL/sso/saml/metadata'
              entity_id: 'http://www.okta.com/$ENTITYID'
            sp:
              entity_id: wazuh-saml
            kibana_url: 'https://wazuh:9200'
            roles_key: Roles
            exchange_key: >-
             '$CERT'
        authentication_backend:
          type: noop
      proxy_auth_domain:

Dashboard: /etc/wazuh-dashboard/opensearch_dashboards.yml
server.port: 443
opensearch.ssl.verificationMode: certificate
# opensearch.username: $UNAME
# opensearch.password: $PWORD
opensearch_security.auth.type: "saml"
server.xsrf.allowlist: ["/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/logout", "/_opendistro/_security/saml/acs/idpinitiated"]
opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/wazuh-dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wazuh
opensearch_security.cookie.secure: true
server.host: 0.0.0.0
opensearch.hosts:
  - https://$IP:9200
  - https://$IP:9200


Everything following the guide went as expected. A note that I think may be relevant is that we had not created any local users in this cluster before setting up SSO. The only account we did have was the admin account on the understanding that an account should be created for each new user who has the correct access group in Okta.

The error we are seeing on the dashboard is:
Jun 12 16:45:43 wazuh-dashboard opensearch-dashboards[20273]: {"type":"log","@timestamp":"2023-06-12T16:45:43Z","tags":["info","plugins-service"],"pid":20273,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
Jun 12 16:45:43 wazuh-dashboard opensearch-dashboards[20273]: {"type":"log","@timestamp":"2023-06-12T16:45:43Z","tags":["info","plugins-service"],"pid":20273,"message":"Plugin \"mlCommonsDashboards\" is disabled."}
Jun 12 16:45:43 wazuh-dashboard opensearch-dashboards[20273]: {"type":"log","@timestamp":"2023-06-12T16:45:43Z","tags":["info","plugins-service"],"pid":20273,"message":"Plugin \"dataSource\" is disabled."}
Jun 12 16:45:43 wazuh-dashboard opensearch-dashboards[20273]: {"type":"log","@timestamp":"2023-06-12T16:45:43Z","tags":["info","plugins-service"],"pid":20273,"message":"Plugin \"visTypeXy\" is disabled."}
Jun 12 16:45:44 wazuh-dashboard opensearch-dashboards[20273]: {"type":"log","@timestamp":"2023-06-12T16:45:44Z","tags":["warning","config","deprecation"],"pid":20273,"message":"It is not recommended to disable xsrf protections for API endpoints via [server.xsrf.whitelist]. Instead, supply the \"osd-xsrf\" header."}
Jun 12 16:45:44 wazuh-dashboard opensearch-dashboards[20273]: {"type":"log","@timestamp":"2023-06-12T16:45:44Z","tags":["info","plugins-system"],"pid":20273,"message":"Setting up [45] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,alertingDashboards,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,console,apmOss,management,indexPatternManagement,advancedSettings,savedObjects,dashboard,visualizations,visTypeVega,visTypeTimeline,timeline,visTypeTable,visTypeMarkdown,visBuilder,tileMap,regionMap,customImportMapDashboards,inputControlVis,visualize,ganttChartDashboards,reportsDashboards,indexManagementDashboards,notificationsDashboards,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuh,bfetch]"}
Jun 12 16:45:44 wazuh-dashboard opensearch-dashboards[20273]: {"type":"log","@timestamp":"2023-06-12T16:45:44Z","tags":["info","savedobjects-service"],"pid":20273,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
Jun 12 16:45:44 wazuh-dashboard opensearch-dashboards[20273]: {"type":"log","@timestamp":"2023-06-12T16:45:44Z","tags":["info","savedobjects-service"],"pid":20273,"message":"Starting saved objects migrations"}
Jun 12 16:45:44 wazuh-dashboard opensearch-dashboards[20273]: {"type":"log","@timestamp":"2023-06-12T16:45:44Z","tags":["info","plugins-system"],"pid":20273,"message":"Starting [45] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,alertingDashboards,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,console,apmOss,management,indexPatternManagement,advancedSettings,savedObjects,dashboard,visualizations,visTypeVega,visTypeTimeline,timeline,visTypeTable,visTypeMarkdown,visBuilder,tileMap,regionMap,customImportMapDashboards,inputControlVis,visualize,ganttChartDashboards,reportsDashboards,indexManagementDashboards,notificationsDashboards,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuh,bfetch]"}
Jun 12 16:45:45 wazuh-dashboard opensearch-dashboards[20273]: {"type":"log","@timestamp":"2023-06-12T16:45:45Z","tags":["listening","info"],"pid":20273,"message":"Server running at https://0.0.0.0:443"}
Jun 12 16:45:45 wazuh-dashboard opensearch-dashboards[20273]: {"type":"log","@timestamp":"2023-06-12T16:45:45Z","tags":["info","http","server","OpenSearchDashboards"],"pid":20273,"message":"http server running at https://0.0.0.0:443"}
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]: StatusCodeError: Authentication Exception
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:     at respond (/usr/share/wazuh-dashboard/node_modules/elasticsearch/src/lib/transport.js:349:15)
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:     at checkRespForFailure (/usr/share/wazuh-dashboard/node_modules/elasticsearch/src/lib/transport.js:306:7)
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:     at HttpConnector.<anonymous> (/usr/share/wazuh-dashboard/node_modules/elasticsearch/src/lib/connectors/http.js:173:7)
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:     at IncomingMessage.wrapper (/usr/share/wazuh-dashboard/node_modules/lodash/lodash.js:4991:19)
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:     at IncomingMessage.emit (events.js:412:35)
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:     at IncomingMessage.emit (domain.js:475:12)
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:     at endReadableNT (internal/streams/readable.js:1333:12)
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:     at processTicksAndRejections (internal/process/task_queues.js:82:21) {
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:   status: 401,
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:   displayName: 'AuthenticationException',
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:   path: '/_plugins/_security/api/authtoken',
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:   query: {},
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:   body: 'Authentication finally failed',
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:   statusCode: 401,
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:   response: 'Authentication finally failed',
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:   toString: [Function (anonymous)],
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:   toJSON: [Function (anonymous)],
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:   isBoom: true,
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:   isServer: false,
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:   data: null,
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:   output: {
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:     statusCode: 401,
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:     payload: {
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:       statusCode: 401,
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:       error: 'Unauthorized',
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:       message: 'Authentication Exception'
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:     },
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:     headers: { 'WWW-Authenticate': 'Basic realm="Authorization Required"' }
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:   },
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:   [Symbol(OpenSearchError)]: 'OpenSearch/notAuthorized'
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]: }
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]: {"type":"log","@timestamp":"2023-06-12T17:04:43Z","tags":["error","plugins","securityDashboards"],"pid":20273,"message":"SAML IDP initiated authentication workflow failed: Error: failed to get token"}
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]: {"type":"error","@timestamp":"2023-06-12T17:04:43Z","tags":[],"pid":20273,"level":"error","error":{"message":"Internal Server Error","name":"Error","stack":"Error: Internal Server Error\n    at HapiResponseAdapter.toError (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:143:19)\n    at HapiResponseAdapter.toHapiResponse (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:97:19)\n    at HapiResponseAdapter.handle (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:92:17)\n    at Router.handle (/usr/share/wazuh-dashboard/src/core/server/http/router/router.js:164:34)\n    at runMicrotasks (<anonymous>)\n    at processTicksAndRejections (internal/process/task_queues.js:95:5)\n    at handler (/usr/share/wazuh-dashboard/src/core/server/http/router/router.js:124:50)\n    at exports.Manager.execute (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/toolkit.js:60:28)\n    at Object.internals.handler (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/handler.js:46:20)\n    at exports.execute (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/handler.js:31:20)\n    at Request._lifecycle (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/request.js:371:32)\n    at Request._execute (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/request.js:281:9)"},"url":"https://wazuh/_opendistro/_security/saml/acs/idpinitiated","message":"Internal Server Error"}
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]: {"type":"response","@timestamp":"2023-06-12T17:04:43Z","tags":[],"pid":20273,"method":"post","statusCode":500,"req":{"url":"/_opendistro/_security/saml/acs/idpinitiated","method":"post","headers":{"host":"wazuh","connection":"Keep-Alive","accept-encoding":"gzip","x-forwarded-for":"40.133.177.97","cf-ray":"7d63acacbf2e9c31-IAD","content-length":"12577","x-forwarded-proto":"https","cf-visitor":"{\"scheme\":\"https\"}","cache-control":"max-age=0","sec-ch-ua":"\"Not.A/Brand\";v=\"8\", \"Chromium\";v=\"114\", \"Brave\";v=\"114\"","sec-ch-ua-mobile":"?0","sec-ch-ua-platform":"\"macOS\"","upgrade-insecure-requests":"1","origin":"https://okta.com","content-type":"application/x-www-form-urlencoded","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8","sec-gpc":"1","accept-language":"en-US,en;q=0.5","sec-fetch-site":"cross-site","sec-fetch-mode":"navigate","sec-fetch-dest":"document","referer":"https://okta.com/","priority":"u=0, i","cdn-loop":"cloudflare","cf-connecting-ip":"40.133.177.97","cf-ipcountry":"US"},"remoteAddress":"172.70.174.46","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36","referer":"https://okta.com/"},"res":{"statusCode":500,"responseTime":75,"contentLength":9},"message":"POST /_opendistro/_security/saml/acs/idpinitiated 500 75ms - 9.0B"}
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]: {"type":"response","@timestamp":"2023-06-12T17:04:43Z","tags":[],"pid":20273,"method":"get","statusCode":401,"req":{"url":"/favicon.ico","method":"get","headers":{"host":"wazuh","connection":"Keep-Alive","accept-encoding":"gzip","x-forwarded-for":"40.133.177.97","cf-ray":"7d63acafeb1d9c31-IAD","x-forwarded-proto":"https","cf-visitor":"{\"scheme\":\"https\"}","sec-ch-ua":"\"Not.A/Brand\";v=\"8\", \"Chromium\";v=\"114\", \"Brave\";v=\"114\"","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36","sec-ch-ua-platform":"\"macOS\"","accept":"image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8","sec-gpc":"1","accept-language":"en-US,en;q=0.5","sec-fetch-site":"same-origin","sec-fetch-mode":"no-cors","sec-fetch-dest":"image","referer":"https://wazuh/_opendistro/_security/saml/acs/idpinitiated","priority":"u=1, i","cdn-loop":"cloudflare","cf-connecting-ip":"40.133.177.97","cf-ipcountry":"US"},"remoteAddress":"172.70.174.55","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36","referer":"https://wazuh./_opendistro/_security/saml/acs/idpinitiated"},"res":{"statusCode":401,"responseTime":6,"contentLength":9},"message":"GET /favicon.ico 401 6ms - 9.0B"}
Jun 12 17:05:51 wazuh-dashboard opensearch-dashboards[20273]: {"type":"response","@timestamp":"2023-06-12T17:05:51Z","tags":[],"pid":20273,"method":"post","statusCode":404,"req":{"url":"/dns-query","method":"post","headers":{"host":"35.212.254.197","accept-encoding":"gzip, deflate","connection":"keep-alive","user-agent":"python-httpx/0.23.3","accept":"application/dns-message","content-type":"application/dns-message","content-length":"27"},"remoteAddress":"8.209.68.21","userAgent":"python-httpx/0.23.3"},"res":{"statusCode":404,"responseTime":54,"contentLength":9},"message":"POST /dns-query 404 54ms - 9.0B"}
Jun 12 17:13:44 wazuh-dashboard opensearch-dashboards[20273]: {"type":"response","@timestamp":"2023-06-12T17:13:44Z","tags":[],"pid":20273,"method":"get","statusCode":401,"req":{"url":"/index.php?s=%2FIndex%2F%5Cthink%5Capp%2Finvokefunction&function=call_user_func_array&vars%5B0%5D=md5&vars%5B1%5D%5B%5D=HelloThinkPHP21","method":"get","headers":{"host":"35.212.254.197:443","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36","accept-encoding":"gzip","connection":"close"},"remoteAddress":"83.97.73.89","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"},"res":{"statusCode":401,"responseTime":5,"contentLength":9},"message":"GET /index.php?s=%2FIndex%2F%5Cthink%5Capp%2Finvokefunction&function=call_user_func_array&vars%5B0%5D=md5&vars%5B1%5D%5B%5D=HelloThinkPHP21 401 5ms - 9.0B"}

Please keep in mind that I sanitized all of our DNS in the above log. So anywhere you see https://wazuh/ or okta.com, I have removed the DNS that is actually there for security's sake.

Any help is appreciated here!

Thank you,
-Steven

Federico Gustavo Caffieri

Jun 13, 2023, 6:01:38 PM
to Wazuh mailing list
Hi Steven Paugh,
According to the errors that are displayed in the logs that you provided us, it seems that you are encountering an authentication error when trying to access Wazuh via Okta SSO.

To troubleshoot this issue, you can perform the following steps:

Verify the SAML configuration: Make sure that the settings on both the IDP and SP sides are properly configured and the credentials used for authentication are correct. I will share with you a detailed step-by-step guide to configure Okta; you need to go to the Okta section in the issue description. Please make sure you have completed all the steps and settings from this link.
https://github.com/wazuh/wazuh-documentation/issues/2981

These are the same steps as in the link you provided.

Test connectivity: Make sure that the IDP and SP can communicate with each other over the network. Check that the ports are open and that there are no firewall restrictions.

Check credentials: Make sure that the provided credentials for authentication are correct and valid.

Could you please check the Okta logs, or share them with us, to see if they provide any additional information? Also review the Wazuh logs. Please avoid sending us sensitive information.

Please let me know if you can solve your problem with this check.
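
One way to pull the SAML failure chain out of a dashboard journal like the one in the first message, keeping only method, path and status so it can be shared without request headers or client IPs. This is an added example, not part of the original thread or Wazuh's own tooling; the sample lines are constructed in the log format shown above, and the function and constant names are hypothetical.

```python
import json
import re

# Constructed sample in the journal format shown in the thread; hosts and IPs are placeholders.
SAMPLE = r'''Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]: StatusCodeError: Authentication Exception
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:   status: 401,
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:   path: '/_plugins/_security/api/authtoken',
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]:   body: 'Authentication finally failed',
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]: {"type":"log","@timestamp":"2023-06-12T17:04:43Z","tags":["error","plugins","securityDashboards"],"pid":20273,"message":"SAML IDP initiated authentication workflow failed: Error: failed to get token"}
Jun 12 17:04:43 wazuh-dashboard opensearch-dashboards[20273]: {"type":"response","@timestamp":"2023-06-12T17:04:43Z","tags":[],"pid":20273,"method":"post","statusCode":500,"req":{"url":"/_opendistro/_security/saml/acs/idpinitiated","method":"post","headers":{"host":"wazuh.example","x-forwarded-for":"192.0.2.10"},"remoteAddress":"198.51.100.7"},"res":{"statusCode":500},"message":"POST /_opendistro/_security/saml/acs/idpinitiated 500 75ms - 9.0B"}
Jun 12 17:05:51 wazuh-dashboard opensearch-dashboards[20273]: {"type":"response","@timestamp":"2023-06-12T17:05:51Z","tags":[],"pid":20273,"method":"post","statusCode":404,"req":{"url":"/dns-query","method":"post","headers":{"host":"203.0.113.5"},"remoteAddress":"203.0.113.9"},"res":{"statusCode":404},"message":"POST /dns-query 404 54ms - 9.0B"}
'''

# journald prefix: "<Mon D HH:MM:SS> <host> opensearch-dashboards[<pid>]: <payload>"
PREFIX = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ opensearch-dashboards\[\d+\]: (.*)$")
# Fields of the pretty-printed StatusCodeError object that name the failed upstream call.
TRACE_FIELD = re.compile(r"^\s*(status|path|body): '?([^',]+)'?,?$")
SAML_PATH = "/_opendistro/_security/saml/"


def saml_failure_chain(journal_text):
    """Return ordered (time, kind, detail) events explaining a failed SAML login."""
    events = []
    trace = {}
    for line in journal_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        when, payload = m.groups()
        if payload.startswith("{"):
            try:
                rec = json.loads(payload)
            except json.JSONDecodeError:
                continue  # a line cut off mid-paste is skipped, not guessed at
            if rec.get("type") == "log" and "error" in rec.get("tags", []):
                events.append((when, "plugin_error", rec.get("message", "")))
            elif rec.get("type") == "response":
                url = rec.get("req", {}).get("url", "")
                status = rec.get("statusCode", 0)
                if url.startswith(SAML_PATH) and status >= 400:
                    # Only method, path and status are kept; headers and client IPs are dropped.
                    method = rec.get("method", "?").upper()
                    events.append((when, "saml_response", f"{method} {url} -> {status}"))
        else:
            f = TRACE_FIELD.match(payload)
            if f:
                trace[f.group(1)] = f.group(2)
                if {"status", "path", "body"} <= trace.keys():
                    detail = f'{trace["path"]} -> {trace["status"]} ({trace["body"]})'
                    events.append((when, "indexer_call", detail))
                    trace = {}
    return events


if __name__ == "__main__":
    for when, kind, detail in saml_failure_chain(SAMPLE):
        print(f"{when}  {kind:13}  {detail}")
```

Read in order, the events show that the 500 on the ACS endpoint is the dashboard's wrapper around a 401 returned when it asked the indexer for a token, so the indexer's own log for the same timestamp is the next place to look.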