Wazuh Keycloak SAML


Bob Barrett

Oct 7, 2025, 12:12:09 AM
to Wazuh | Mailing List
I have 3 Wazuh servers that successfully use SAML for authentication based on the Wazuh/Keycloak article. However, I cannot get it to work for my fourth. When I try to launch SAML I get the following:

{"statusCode":500,"error":"Internal Server Error","message":"Internal Error"}v


Oct 07 03:53:27 localhost opensearch-dashboards[705]: {"type":"log","@timestamp":"2025-10-07T03:53:27Z","tags":["error","plugins","securityDashboards"],"pid":705,"message":"Failed to get saml header: Error: Error: failed parsing SAML config"}
Oct 07 03:53:27 localhost opensearch-dashboards[705]: {"type":"error","@timestamp":"2025-10-07T03:53:27Z","tags":[],"pid":705,"level":"error","error":{"message":"Internal Server Error","name":"Error","stack":"Error: Internal Server Error\n    at HapiResponseAdapter.toError (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:127:19)\n    at HapiResponseAdapter.toHapiResponse (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:83:19)\n    at HapiResponseAdapter.handle (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:79:17)\n    at Router.handle (/usr/share/wazuh-dashboard/src/core/server/http/router/router.js:175:34)\n    at processTicksAndRejections (node:internal/process/task_queues:95:5)\n    at handler (/usr/share/wazuh-dashboard/src/core/server/http/router/router.js:140:50)\n    at exports.Manager.execute (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/toolkit.js:60:28)\n    at Object.internals.handler (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/handler.js:46:20)\n    at exports.execute (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/handler.js:31:20)\n    at Request._lifecycle (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/request.js:371:32)\n    at Request._execute (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/request.js:281:9)"},"url":"https://xxx.domain.com/auth/saml/login?redirectHash=false&nextUrl=%2F","message":"Internal Server Error"}

I have retraced my steps a few times but I get the same results. Any suggestions for troubleshooting tips are greatly appreciated. :)

Stuti Gupta

Oct 7, 2025, 1:18:49 AM
to Wazuh | Mailing List

Hi Bob,

The error "failed parsing SAML config" and the 500 Internal Server Error indicate an issue with the SAML configuration or the exchange key setup on that server.

Please share the file /etc/wazuh-indexer/opensearch-security/config.yml, ensuring that any sensitive information is hidden.

After editing the configuration, make sure to run the securityadmin script to apply the changes:

export JAVA_HOME=/usr/share/wazuh-indexer/jdk/ && bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/opensearch-security/config.yml -icl -key /etc/wazuh-indexer/certs/admin-key.pem -cert /etc/wazuh-indexer/certs/admin.pem -cacert /etc/wazuh-indexer/certs/root-ca.pem -h 127.0.0.1 -nhnv
  • The -h flag specifies the hostname or IP of the Wazuh Indexer node.

  • The example uses 127.0.0.1; replace it with your Wazuh Indexer address if needed.

  • Share the output of this command so we can verify the applied changes.

Make sure the exchange_key is generated using:

openssl rand -hex 32

After generating the key, run the securityadmin script again.

Additionally, check the file /etc/wazuh-indexer/opensearch-security/roles_mapping.yml and ensure it includes the realm roles used in Keycloak. Run the securityadmin script afterward to apply these mappings.

If the issue persists, please provide the logs from both the Wazuh Indexer and Wazuh Dashboard so we can investigate further.

For detailed official instructions on this setup, refer to Wazuh’s documentation:
Wazuh Single Sign-On with Keycloak – Administrator Role


Barrett, Bob C.

Oct 7, 2025, 10:32:27 PM
to Stuti Gupta, Wazuh | Mailing List

Hi Stuti,

 

Here’s the log event I get when I try to connect:

Oct 08 02:17:58 demo opensearch-dashboards[73160]: {"type":"response","@timestamp":"2025-10-08T02:17:58Z","tags":[],"pid":73160,"method":"get","statusCode":500,"req":{"url":"/auth/saml/login?redirectHash=true&nextUrl=%2Fapp%2Fendpoints-summary","method":"get","headers":{"host":"xxx.domain.com","accept-encoding":"gzip, br","accept-language":"en-US,en;q=0.9","x-forwarded-for":"1.2.3.4,5.6.7.8","cf-ray":"98b2251f3ca950ec-MCI","priority":"u=0, i","cache-control":"max-age=0","sec-ch-ua":"\"Chromium\";v=\"140\", \"Not=A?Brand\";v=\"24\", \"Google Chrome\";v=\"140\"","sec-ch-ua-mobile":"?0","sec-ch-ua-platform":"\"Windows\"","upgrade-insecure-requests":"1","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7","sec-fetch-site":"same-origin","sec-fetch-mode":"navigate","sec-fetch-user":"?1","sec-fetch-dest":"document","referer":"https://xxx.domain.com/auth/saml/captureUrlFragment?nextUrl=%2Fapp%2Fendpoints-summary","cdn-loop":"cloudflare; loops=1","cf-connecting-ip":"5.6.7.8","cf-ipcountry":"US","cf-visitor":"{\"scheme\":\"https\"}","x-forwarded-proto":"https","connection":"Keep-Alive"},"remoteAddress":"172.70.176.103","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36","referer":"https://xxx.domain.com/auth/saml/captureUrlFragment?nextUrl=%2Fapp%2Fendpoints-summary"},"res":{"statusCode":500,"responseTime":10,"contentLength":9},"message":"GET /auth/saml/login?redirectHash=true&nextUrl=%2Fapp%2Fendpoints-summary 500 10ms - 9.0B"}

 

Oct 08 02:17:58 demo opensearch-dashboards[73160]: {"type":"response","@timestamp":"2025-10-08T02:17:58Z","tags":[],"pid":73160,"method":"get","statusCode":401,"req":{"url":"/favicon.ico","method":"get","headers":{"host":"xxx.domain.com","accept-encoding":"gzip, br","accept-language":"en-US,en;q=0.9","x-forwarded-for":"1.2.3.4,5.6.7.8","cf-ray":"98b22521385650ec-MCI","priority":"u=1, i","sec-ch-ua-platform":"\"Windows\"","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36","sec-ch-ua":"\"Chromium\";v=\"140\", \"Not=A?Brand\";v=\"24\", \"Google Chrome\";v=\"140\"","sec-ch-ua-mobile":"?0","accept":"image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8","sec-fetch-site":"same-origin","sec-fetch-mode":"no-cors","sec-fetch-dest":"image","referer":https://xxx.domain.com/auth/saml/login?redirectHash=true&nextUrl=%2Fapp%2Fendpoints-summary,"cdn-loop":"cloudflare; loops=1","cf-connecting-ip":"1.2.3.4","cf-ipcountry":"US","cf-visitor":"{\"scheme\":\"https\"}","x-forwarded-proto":"https","connection":"Keep-Alive"},"remoteAddress":"2.3.4.5","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36","referer":https://xxx.domain.com/auth/saml/login?redirectHash=true&nextUrl=%2Fapp%2Fendpoints-summary},"res":{"statusCode":401,"responseTime":3,"contentLength":9},"message":"GET /favicon.ico 401 3ms - 9.0B"}

 

First security script output:

export JAVA_HOME=/usr/share/wazuh-indexer/jdk/ && bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/opensearch-security/config.yml -icl -key /etc/wazuh-indexer/certs/admin-key.pem -cert /etc/wazuh-indexer/certs/admin.pem -cacert /etc/wazuh-indexer/certs/root-ca.pem -h 127.0.0.1 -nhnv

Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.19.1
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /etc/wazuh-indexer/opensearch-security
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
   SUCC: Configuration for 'config' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["config"],"updated_config_size":1,"message":null} is 1 (["config"]) due to: null
Done with success

Second security script output:

export JAVA_HOME=/usr/share/wazuh-indexer/jdk/ && bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/opensearch-security/roles_mapping.yml -icl -key /etc/wazuh-indexer/certs/admin-key.pem -cert /etc/wazuh-indexer/certs/admin.pem -cacert /etc/wazuh-indexer/certs/root-ca.pem -h 127.0.0.1 -nhnv

Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.19.1
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /etc/wazuh-indexer/opensearch-security
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["rolesmapping"],"updated_config_size":1,"message":null} is 1 (["rolesmapping"]) due to: null
Done with success


My browser redirects to the following URL: https://xxx.domain.com/auth/saml/login?redirectHash=false&nextUrl=%2F

I replaced my real Wazuh server with xxx.domain.com

I followed the article you shared but get the same outcome every time. Let me know if you need anything else.

Thanks,

Bob

 


Stuti Gupta

Oct 8, 2025, 7:07:50 AM
to Wazuh | Mailing List

The first log shows a 500 Internal Server Error when accessing /auth/saml/login, which means the Wazuh Dashboard cannot parse or process the SAML configuration for this node. The second entry shows a 401 Unauthorized for /favicon.ico, which is a follow-up request. The logs confirm that the problem is server-side SAML configuration, not the browser or network.

This usually points to one of the following issues:

The exchange_key in /etc/wazuh-indexer/opensearch-security/config.yml may not match what the Dashboard expects. Make sure it is correctly generated with:

openssl rand -hex 32

Then rerun the securityadmin script.

Verify that the roles_mapping.yml includes all Keycloak realm roles used by the users. After any updates, rerun the securityadmin script.

If you still face the issue, then please share the file:
/etc/wazuh-indexer/opensearch-security/roles_mapping.yml
journalctl -u wazuh-dashboard | grep -i -E "error|warn"

Barrett, Bob C.

Oct 8, 2025, 10:01:31 AM
to Stuti Gupta, Wazuh | Mailing List

Hi Stuti,

I reran the security scripts and ensured that I had created the key and added it to the appropriate spot in the config.yml file. Still I get an error when I try to load the page. I shared the logs as you requested along with the roles_mapping.yml file.

Oct 08 13:41:15 demo opensearch-dashboards[78438]: {"type":"log","@timestamp":"2025-10-08T13:41:15Z","tags":["error","plugins","wazuh","queue"],"pid":78438,"message":"An error ocurred in the delayed request: \"DELETE /security/user/authenticate\": Request failed with status code 401"}

Oct 08 13:42:08 demo opensearch-dashboards[78532]: {"type":"log","@timestamp":"2025-10-08T13:42:08Z","tags":["warning","config","deprecation"],"pid":78532,"message":"It is not recommended to disable xsrf protections for API endpoints via [server.xsrf.whitelist]. Instead, supply the \"osd-xsrf\" header."}

Oct 08 13:42:08 demo opensearch-dashboards[78532]: {"type":"log","@timestamp":"2025-10-08T13:42:08Z","tags":["warning","cross-compatibility-service"],"pid":78532,"message":"Starting cross compatibility service"}

Oct 08 13:42:14 demo opensearch-dashboards[78532]: {"type":"log","@timestamp":"2025-10-08T13:42:14Z","tags":["error","plugins","securityDashboards"],"pid":78532,"message":"Failed to get saml header: Authentication Exception :: {\"path\":\"/_plugins/_security/authinfo\",\"query\":{\"auth_type\":\"saml\"},\"statusCode\":401,\"response\":\"Authentication finally failed\"}"}

Oct 08 13:42:14 demo opensearch-dashboards[78532]: {"type":"error","@timestamp":"2025-10-08T13:42:14Z","tags":[],"pid":78532,"level":"error","error":{"message":"Internal Server Error","name":"Error","stack":"Error: Internal Server Error\n    at HapiResponseAdapter.toError (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:127:19)\n    at HapiResponseAdapter.toHapiResponse (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:83:19)\n    at HapiResponseAdapter.handle (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:79:17)\n    at Router.handle (/usr/share/wazuh-dashboard/src/core/server/http/router/router.js:175:34)\n    at processTicksAndRejections (node:internal/process/task_queues:95:5)\n    at handler (/usr/share/wazuh-dashboard/src/core/server/http/router/router.js:140:50)\n    at exports.Manager.execute (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/toolkit.js:60:28)\n    at Object.internals.handler (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/handler.js:46:20)\n    at exports.execute (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/handler.js:31:20)\n    at Request._lifecycle (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/request.js:371:32)\n    at Request._execute (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/request.js:281:9)"},"url":"https://xxx.domain.com/auth/saml/login?redirectHash=false&nextUrl=%2F","message":"Internal Server Error"}

 

 

roles_mapping.yml

# In this file users, backendroles and hosts can be mapped to Open Distro Security roles.
# Permissions for Opendistro roles are configured in roles.yml

_meta:
  type: "rolesmapping"
  config_version: 2

# Define your roles mapping here

## Default roles mapping

all_access:
  reserved: true
  hidden: false
  backend_roles:
  - "admin"
  - "demoadmin"
  hosts: []
  users: []
  and_backend_roles: []
  description: "Maps admin to all_access"

own_index:
  reserved: false
  hidden: false
  backend_roles: []
  hosts: []
  users:
  - "*"
  and_backend_roles: []
  description: "Allow full access to an index named like the username"

logstash:
  reserved: false
  hidden: false
  backend_roles:
  - "logstash"
  hosts: []
  users: []
  and_backend_roles: []

readall:
  reserved: true
  hidden: false
  backend_roles:
  - "readall"
  hosts: []
  users: []
  and_backend_roles: []

manage_snapshots:
  reserved: true
  hidden: false
  backend_roles:
  - "snapshotrestore"
  hosts: []
  users: []
  and_backend_roles: []

kibana_server:
  reserved: true
  hidden: false
  backend_roles: []
  hosts: []
  users:
  - "kibanaserver"
  and_backend_roles: []

kibana_user:
  reserved: false
  hidden: false
  backend_roles:
  - "kibanauser"
  hosts: []
  users: []
  and_backend_roles: []
  description: "Maps kibanauser to kibana_user"

# Wazuh monitoring and statistics index permissions
manage_wazuh_index:
  reserved: true
  hidden: false
  backend_roles: []
  hosts: []
  users:
  - "kibanaserver"
  and_backend_roles: []

Bob Barrett

Oct 9, 2025, 12:19:30 AM
to Wazuh | Mailing List
Still not having any luck.

Here's my config.yml

---

_meta:
  type: "config"
  config_version: 2

config:
  dynamic:
    # Set filtered_alias_mode to 'disallow' to forbid more than 2 filtered aliases per index
    # Set filtered_alias_mode to 'warn' to allow more than 2 filtered aliases per index but warns about it (default)
    # Set filtered_alias_mode to 'nowarn' to allow more than 2 filtered aliases per index silently
    #filtered_alias_mode: warn
    #do_not_fail_on_forbidden: false
    #kibana:
    # Kibana multitenancy
    #multitenancy_enabled: true
    #private_tenant_enabled: true
    #default_tenant: ""
    #server_username: kibanaserver
    #index: '.kibana'
    http:
      anonymous_auth_enabled: false
      xff:
        enabled: false
        internalProxies: '192\.168\.0\.10|192\.168\.0\.11' # regex pattern
        #internalProxies: '.*' # trust all internal proxies, regex pattern
        #remoteIpHeader:  'x-forwarded-for'
        ###### see https://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html for regex help
        ###### more information about XFF https://en.wikipedia.org/wiki/X-Forwarded-For
        ###### and here https://tools.ietf.org/html/rfc7239
        ###### and https://tomcat.apache.org/tomcat-8.0-doc/config/valve.html#Remote_IP_Valve
    authc:
      kerberos_auth_domain:
        http_enabled: false
        transport_enabled: false
        order: 6
        http_authenticator:
          type: kerberos
          challenge: true
          config:
            # If true a lot of kerberos/security related debugging output will be logged to standard out
            krb_debug: false
            # If true then the realm will be stripped from the user name
            strip_realm_from_principal: true
        authentication_backend:
          type: noop
      basic_internal_auth_domain:
        description: "Authenticate via HTTP Basic against internal users database"
        http_enabled: true
        transport_enabled: true
        order: 0
        http_authenticator:
          type: basic
          challenge: false
        authentication_backend:
          type: intern
      saml_auth_domain:
        http_enabled: true
        transport_enabled: false
        order: 1
        http_authenticator:
          type: saml
          challenge: true
          config:
            idp:
              metadata_file: '/etc/wazuh-indexer/opensearch-security/idp-metadata.xml'
              entity_id: 'https:/xxx.domain.com/realms/master'
            sp:
              entity_id: wazuh-saml
              metadata_file: '/etc/wazuh-indexer/opensearch-security/sp-metadata.xml'
            kibana_url: 'https://xxx.domain.com'
            roles_key: Roles
            exchange_key: 'b520bff8a....'
        authentication_backend:
          type: noop
      proxy_auth_domain:
        description: "Authenticate via proxy"
        http_enabled: false
        transport_enabled: false
        order: 3
        http_authenticator:
          type: proxy
          challenge: false
          config:
            user_header: "x-proxy-user"
            roles_header: "x-proxy-roles"
        authentication_backend:
          type: noop
      jwt_auth_domain:
        description: "Authenticate via Json Web Token"
        http_enabled: false
        transport_enabled: false
        order: 0
        http_authenticator:
          type: jwt
          challenge: false
          config:
            signing_key: "base64 encoded HMAC key or public RSA/ECDSA pem key"
            jwt_header: "Authorization"
            jwt_url_parameter: null
            jwt_clock_skew_tolerance_seconds: 30
            roles_key: null
            subject_key: null
        authentication_backend:
          type: noop
      clientcert_auth_domain:
        description: "Authenticate via SSL client certificates"
        http_enabled: false
        transport_enabled: false
        order: 2
        http_authenticator:
          type: clientcert
          config:
            username_attribute: cn #optional, if omitted DN becomes username
          challenge: false
        authentication_backend:
          type: noop
      ldap:
        description: "Authenticate via LDAP or Active Directory"
        http_enabled: false
        transport_enabled: false
        order: 5
        http_authenticator:
          type: basic
          challenge: false
        authentication_backend:
          # LDAP authentication backend (authenticate users against a LDAP or Active Directory)
          type: ldap
          config:
            # enable ldaps
            enable_ssl: false
            # enable start tls, enable_ssl should be false
            enable_start_tls: false
            # send client certificate
            enable_ssl_client_auth: false
            # verify ldap hostname
            verify_hostnames: true
            hosts:
            - localhost:8389
            bind_dn: null
            password: null
            userbase: 'ou=people,dc=example,dc=com'
            # Filter to search for users (currently in the whole subtree beneath userbase)
            # {0} is substituted with the username
            usersearch: '(sAMAccountName={0})'
            # Use this attribute from the user as username (if not set then DN is used)
            username_attribute: null
    authz:
      roles_from_myldap:
        description: "Authorize via LDAP or Active Directory"
        http_enabled: false
        transport_enabled: false
        authorization_backend:
          # LDAP authorization backend (gather roles from a LDAP or Active Directory, you have to configure the above LDAP authentication backend settings too)
          type: ldap
          config:
            # enable ldaps
            enable_ssl: false
            # enable start tls, enable_ssl should be false
            enable_start_tls: false
            # send client certificate
            enable_ssl_client_auth: false
            # verify ldap hostname
            verify_hostnames: true
            hosts:
            - localhost:8389
            bind_dn: null
            password: null
            rolebase: 'ou=groups,dc=example,dc=com'
            # Filter to search for roles (currently in the whole subtree beneath rolebase)
            # {0} is substituted with the DN of the user
            # {1} is substituted with the username
            # {2} is substituted with an attribute value from user's directory entry, of the authenticated user. Use userroleattribute to specify the name of the attribute
            rolesearch: '(member={0})'
            # Specify the name of the attribute which value should be substituted with {2} above
            userroleattribute: null
            # Roles as an attribute of the user entry
            userrolename: disabled
            #userrolename: memberOf
            # The attribute in a role entry containing the name of that role, Default is "name".
            # Can also be "dn" to use the full DN as rolename.
            rolename: cn
            # Resolve nested roles transitive (roles which are members of other roles and so on ...)
            resolve_nested_roles: true
            userbase: 'ou=people,dc=example,dc=com'
            # Filter to search for users (currently in the whole subtree beneath userbase)
            # {0} is substituted with the username
            usersearch: '(uid={0})'
            # Skip users matching a user name, a wildcard or a regex pattern
            #skip_users:
            #  - 'cn=Michael Jackson,ou*people,o=TEST'
            #  - '/\S*/'
      roles_from_another_ldap:
        description: "Authorize via another Active Directory"
        http_enabled: false
        transport_enabled: false
        authorization_backend:
          type: ldap
          #config goes here ...
  #    auth_failure_listeners:
  #      ip_rate_limiting:
  #        type: ip
  #        allowed_tries: 10
  #        time_window_seconds: 3600
  #        block_expiry_seconds: 600
  #        max_blocked_clients: 100000
  #        max_tracked_clients: 100000
  #      internal_authentication_backend_limiting:
  #        type: username
  #        authentication_backend: intern
  #        allowed_tries: 10
  #        time_window_seconds: 3600
  #        block_expiry_seconds: 600
  #        max_blocked_clients: 100000
  #        max_tracked_clients: 100000

The wazuh-dashboard log errors:

journalctl -u wazuh-dashboard -f | grep -i -E "error|warn"
Oct 09 04:14:28 demo opensearch-dashboards[84332]: {"type":"log","@timestamp":"2025-10-09T04:14:28Z","tags":["warning","cross-compatibility-service"],"pid":84332,"message":"Starting cross compatibility service"}
Oct 09 04:14:46 demo opensearch-dashboards[84332]: {"type":"log","@timestamp":"2025-10-09T04:14:46Z","tags":["error","plugins","securityDashboards"],"pid":84332,"message":"Failed to get saml header: Authentication Exception :: {\"path\":\"/_plugins/_security/authinfo\",\"query\":{\"auth_type\":\"saml\"},\"statusCode\":401,\"response\":\"Authentication finally failed\"}"}
Oct 09 04:14:46 demo opensearch-dashboards[84332]: {"type":"error","@timestamp":"2025-10-09T04:14:46Z","tags":[],"pid":84332,"level":"error","error":{"message":"Internal Server Error","name":"Error","stack":"Error: Internal Server Error\n    at HapiResponseAdapter.toError (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:127:19)\n    at HapiResponseAdapter.toHapiResponse (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:83:19)\n    at HapiResponseAdapter.handle (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:79:17)\n    at Router.handle (/usr/share/wazuh-dashboard/src/core/server/http/router/router.js:175:34)\n    at processTicksAndRejections (node:internal/process/task_queues:95:5)\n    at handler (/usr/share/wazuh-dashboard/src/core/server/http/router/router.js:140:50)\n    at exports.Manager.execute (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/toolkit.js:60:28)\n    at Object.internals.handler (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/handler.js:46:20)\n    at exports.execute (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/handler.js:31:20)\n    at Request._lifecycle (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/request.js:371:32)\n    at Request._execute (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/request.js:281:9)"},"url":"https://xxx.domain.com/auth/saml/login?redirectHash=false&nextUrl=%2F","message":"Internal Server Error"}
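As an added diagnostic (my own example, not Wazuh's tooling and not code from anyone in this thread), the script below runs the consistency checks the replies above ask for over the posted configuration: the idp entity_id against the entityID in the Keycloak metadata, absolute https URLs, a 64-hex-character exchange_key as produced by openssl rand -hex 32, a set roles_key, and the Keycloak realm role present as a backend_role in roles_mapping.yml. It assumes config.yml has already been loaded with a YAML parser, so the saml_auth_domain block is embedded as a constructed dict; the metadata XML and the role name "admin" are constructed sample values.

```python
from __future__ import annotations

import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SAML_MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample: the saml_auth_domain 'config' block from the thread, as it would
# look after config.yml is loaded with a YAML parser (the single slash in the idp
# entity_id and the truncated exchange_key are copied from the posted text).
SAMPLE_SAML_CONFIG = {
    "idp": {
        "metadata_file": "/etc/wazuh-indexer/opensearch-security/idp-metadata.xml",
        "entity_id": "https:/xxx.domain.com/realms/master",
    },
    "sp": {
        "entity_id": "wazuh-saml",
        "metadata_file": "/etc/wazuh-indexer/opensearch-security/sp-metadata.xml",
    },
    "kibana_url": "https://xxx.domain.com",
    "roles_key": "Roles",
    "exchange_key": "b520bff8a",
}

# Constructed sample: a minimal realm descriptor as idp-metadata.xml would carry it.
SAMPLE_IDP_METADATA = (
    f'<md:EntityDescriptor xmlns:md="{SAML_MD_NS}" '
    'entityID="https://xxx.domain.com/realms/master"/>'
)

# Constructed sample: the all_access stanza of the posted roles_mapping.yml.
SAMPLE_ROLES_MAPPING = {"all_access": {"backend_roles": ["admin", "demoadmin"]}}


def idp_entity_id_from_metadata(xml_text: str) -> str:
    """Return the entityID attribute of the metadata's EntityDescriptor root."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML_MD_NS}}}EntityDescriptor":
        raise ValueError("metadata root is not md:EntityDescriptor")
    return root.attrib.get("entityID", "")


def check_saml_config(saml_cfg: dict, idp_metadata_xml: str,
                      roles_mapping: dict, keycloak_role: str) -> list[str]:
    """Run the consistency checks; an empty list means every check passed."""
    findings: list[str] = []
    idp_entity_id = str(saml_cfg.get("idp", {}).get("entity_id", ""))

    # 1. kibana_url and the IdP entity_id must be absolute https URLs. A scheme followed
    #    by a single slash parses with an empty netloc, so it is caught here.
    for label, value in (("kibana_url", str(saml_cfg.get("kibana_url", ""))),
                         ("idp.entity_id", idp_entity_id)):
        parsed = urlparse(value)
        if parsed.scheme != "https" or not parsed.netloc:
            findings.append(f"{label} is not an absolute https URL: {value!r}")

    # 2. The configured IdP entity_id must equal the entityID Keycloak publishes; the
    #    plugin uses it to find the IdP descriptor inside the metadata file.
    published = idp_entity_id_from_metadata(idp_metadata_xml)
    if idp_entity_id != published:
        findings.append(f"idp.entity_id {idp_entity_id!r} != metadata entityID {published!r}")

    # 3. exchange_key: 'openssl rand -hex 32' yields exactly 64 hex characters.
    key = str(saml_cfg.get("exchange_key", ""))
    if not re.fullmatch(r"[0-9a-fA-F]{64}", key):
        findings.append(f"exchange_key is not 64 hex characters (got {len(key)})")

    # 4. roles_key names the SAML attribute that carries the realm roles.
    if not saml_cfg.get("roles_key"):
        findings.append("roles_key is unset, so realm roles cannot be mapped")

    # 5. The Keycloak realm role must be a backend_role somewhere in roles_mapping.yml.
    mapped = {r for m in roles_mapping.values() for r in m.get("backend_roles", [])}
    if keycloak_role not in mapped:
        findings.append(f"realm role {keycloak_role!r} is not a backend_role in roles_mapping.yml")

    return findings


if __name__ == "__main__":
    for finding in check_saml_config(SAMPLE_SAML_CONFIG, SAMPLE_IDP_METADATA,
                                     SAMPLE_ROLES_MAPPING, "admin"):
        print("FINDING:", finding)
```

Against the constructed sample it reports three findings (malformed idp.entity_id URL, entity_id not matching the metadata, short exchange_key); to use it on a real node, replace the dict and XML with the loaded saml_auth_domain block and the contents of idp-metadata.xml.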