Comments (4)
mrrothe
commented on July 16, 2024
Just to add, this was working without issue in 6.1 without the additional SAML configuration
from opencti.
SamuelHassine
commented on July 16, 2024
Hello,
Here is the working configuration in our cloud env:
PROVIDERS__SAML__STRATEGY: "SamlStrategy"
PROVIDERS__SAML__CONFIG__LABEL: "Corporate login"
PROVIDERS__SAML__CONFIG__ISSUER: "opencti-filigran"
PROVIDERS__SAML__CONFIG__ENTRY_POINT: "https://login.microsoftonline.com/[REDACTED]/saml2"
PROVIDERS__SAML__CONFIG__SAML_CALLBACK_URL: "https://filigran.octi.filigran.io/auth/saml/callback"
PROVIDERS__SAML__CONFIG__DISABLE_REQUESTED_AUTHN_CONTEXT: "true"
PROVIDERS__SAML__CONFIG__CERT: "MIIC8DCCAdigAwIBAgIQfFMNtRPA5oxAfD5VLfjw9jANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQg[...]"
PROVIDERS__SAML__CONFIG__ACCOUNT_ATTRIBUTE: "http://schemas.microsoft.com/identity/claims/displayname"
PROVIDERS__SAML__CONFIG__FIRSTNAME_ATTRIBUTE: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
PROVIDERS__SAML__CONFIG__LASTNAME_ATTRIBUTE: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
from opencti.
mrrothe
commented on July 16, 2024
I've tried adding the ACCOUNT/FIRSTNAME/LASTNAME ATTRIBUTE fields as per your config above - and tested with all combinations of WANT_AUTHN_RESPONSE_SIGNED and WANT_ASSERTIONS_SIGNED enabled/disabled.
Both -> "SAML assertion audience mismatch"
Just 'WANT_ASSERTIONS_SIGNED=false' -> "Invalid document signature"
Just 'WANT_AUTHN_RESPONSE_SIGNED=false' -> "SAML assertion audience mismatch"
Neither -> "Invalid document signature"
Not sure if there's anything different that needs to be configured on the Entra ID side - no errors/issues in the Entra ID logs and I can't see any configuration options for signing etc on that end.
Does adding a private key to the SAML config allow the response/assertion to be signed and remove the need for these additional parameters? If so is there any documentation for generating this private key?
from opencti.
SamuelHassine
commented on July 16, 2024
@pierremahot @sbocahu did we changed anything in our instances for the Microsoft Entra SAML2 configuration following the library upgrade?
from opencti.
Related Issues (20)
- Allow Reordering of Notes in Incident Response
- Redefine best practices in our Docker images and fix errors when setting a user
- Add support for AWS Signature Version 4 for the OpenSearch client
- Remove TAXII 2.0 and 1.0 options from the UI
- Triggers - add capability to add users to notification list
- Changing "Organizations" in a user make the page full re-render and close the drawer
- Ability to associate color to openvocab representing severity HOT 3
- Main Note
- When threat actor is named "unknown", distribution is displaying the standard ID
- Connectors list columns are not aligned correctly with headers
- Sessions not correctly refreshed when a group is automatically granted to a new marking HOT 1
- [Organization sharing] No button to share certain entities HOT 1
- Add a graphql api to send stix bundle in the ingestion process
- [filters] 'lower than / equals' operator for date filters doesn't take 'equals' into account
- Allow to define multiple CVSS Metric Versions per Vulnerability / CVSS v4
- [Trigger filters] Modify the status of reports after validation of a worbench
- Use of dedicated RabbitMQ queues for integrated feeders/ingestors
- Introduce "Exploitation State" field for vulnerability entities
- "Ask AI" as a playbook component
- Align the UX of the "Incident type" field in an incident
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from opencti.