Improved support for OpenID connect and OAuth2 #1110

Closed
1earch opened this issue Sep 3, 2019 · 1 comment

1earch commented Sep 3, 2019

Improved support for OAuth2 and OIDC

I'm creating this issue to centralize some problems related to SSO (PR #430, resolving issue #354). However, before listing problems, I would like to thank @saibot94 and @To-om for their work on this feature.

Request Type

Bugs and feature requests

Invalid URL

The first error you can encounter is the one quoted in #1010 by @ananth07reddy:

java.lang.IllegalArgumentException: Invalid URL

This error occurs because the config parameter auth.sso.groups.url is mandatory: the user's groups can't be retrieved from the user info endpoint (auth.oauth2.userUrl).

Authentication failure (on front-end)

This error was noted by @softybear in issue #946. Its problem is that the SSO backend code is never reached. Indeed, when signing in with SSO, we are redirected to https://my-hive-instance.com/index.html#/login?code=[received_code], but the front-end code managing SSO login is waiting for a URL like https://my-hive-instance.com/index.html?code=[received_code]#/login.

Authentication failure on disconnect

The front-end code tries to log us in when we want to disconnect, because the code is still in the URL.

Steps to reproduce

  1. SSO login
  2. Be redirected to https://my-hive-instance.com/index.html?code=[received_code]#/login
  3. Be authenticated, then see cases: https://my-hive-instance.com/index.html?code=[received_code]#/cases
  4. Use the disconnect link in navbar and be redirected to https://my-hive-instance.com/index.html?code=[received_code]#/login

Thus, the backend will try to authenticate you with the code another time. This won't work and the frontend will show you an "Authentication failure" error.

SSO auto-login doesn't work

This feature (auth.sso.autologin) doesn't work. When activated, going to my TheHive instance homepage doesn't automagically redirect me to my federated identity provider.

SSO user profile update

The way SSO is actually implemented doesn't allow a user profile update. This should be possible in the case of a company, where employees' rights could be updated.
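An added example (not TheHive's front-end code) illustrating the two URL shapes from the "Authentication failure" sections above: it finds the OAuth2 `code` whether it sits in the real query string or inside the hash route, and strips it once consumed so that navigating to the logout route does not replay it to the backend. The hostname and code values are placeholders taken from the issue; only the standard `URL`/`URLSearchParams` API is used.

```javascript
// Split a fragment such as "#/login?code=X" into its route ("/login") and
// its route-level query ("code=X"); the hash route is what AngularJS-style
// front-ends see, and the real query string is what the SSO code expects.
function splitHashRoute(hash) {
  const body = hash.startsWith("#") ? hash.slice(1) : hash;
  const qIdx = body.indexOf("?");
  return qIdx === -1
    ? { route: body, query: "" }
    : { route: body.slice(0, qIdx), query: body.slice(qIdx + 1) };
}

// Returns the authorization code for either URL shape, or null when absent:
//   index.html?code=X#/login   (query string, the shape the front-end waits for)
//   index.html#/login?code=X   (hash route, the shape the redirect produces)
function extractAuthCode(href) {
  const url = new URL(href);
  const fromQuery = url.searchParams.get("code");
  if (fromQuery) return fromQuery;
  const { query } = splitHashRoute(url.hash);
  return new URLSearchParams(query).get("code");
}

// Removes `code` from both locations and returns the cleaned URL. Replacing
// the browser location with this value right after the code has been
// exchanged means a later visit to #/login no longer carries a stale code.
function stripAuthCode(href) {
  const url = new URL(href);
  url.searchParams.delete("code");
  const { route, query } = splitHashRoute(url.hash);
  const routeParams = new URLSearchParams(query);
  routeParams.delete("code");
  const rest = routeParams.toString();
  url.hash = route + (rest ? "?" + rest : "");
  return url.toString();
}

// Constructed sample: the disconnect step from the reproduction above, where
// the code is still present when the user reaches the login route.
const sampleLogoutHref =
  "https://my-hive-instance.com/index.html?code=received_code#/login";
console.log(extractAuthCode(sampleLogoutHref)); // received_code
console.log(extractAuthCode(stripAuthCode(sampleLogoutHref))); // null
```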


To-om commented Apr 7, 2020

@1earch Thank you for your contribution.
