OAuth2 User info fails
liviusitoianu opened this issue
liviusitoianu commented
Request Type
Bug Request
Work Environment
Question | Answer |
---|---|
OS version (server) | Ubuntu |
OS version (client) | Ubuntu 20.04 |
Cortex version / git hash | 3.1.6-1 |
Package Type | Binary |
Browser type & version | Chrome |
Problem Description
Identity provider: keycloak
After Keycloak login I receive this error:
```
2022-07-19 12:37:21,613 [ERROR] from org.elastic4play.services.auth.MultiAuthSrv in application-akka.actor.default-dispatcher-8 - Authentication failure
org.elastic4play.AuthenticationError: OAuth2 authentication failure: User info fails:
    at org.thp.cortex.services.OAuth2Srv$$anonfun$$nestedInanonfun$authenticate$1$1.applyOrElse(OAuth2Srv.scala:96)
    at org.thp.cortex.services.OAuth2Srv$$anonfun$$nestedInanonfun$authenticate$1$1.applyOrElse(OAuth2Srv.scala:95)
    at scala.concurrent.Future.$anonfun$recoverWith$1(Future.scala:417)
    at scala.concurrent.impl.Promise.$anonfun$transformWith$1(Promise.scala:41)
    at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:64)
    at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:63)
    at akka.dispatch.BatchingExecutor$BlockableBatch.$anonfun$run$1(BatchingExecutor.scala:100)
    at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23)
    at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:85)
    at akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:100)
    at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:49)
    at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(ForkJoinExecutorConfigurator.scala:48)
    at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:373)
    at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1182)
    at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1655)
    at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1622)
    at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:165)
```
Cortex application.conf:
```
oauth2 {
  # URL of the authorization server
  clientId = "[DELETED]"
  clientSecret = "[DELETED]"
  redirectUri = "https://[DELETED]/api/ssoLogin"
  responseType = "code"
  grantType = "authorization_code"
  # URL from where to get the access token
  authorizationUrl = "https://[DELETED]/protocol/openid-connect/auth"
  tokenUrl = "https://[DELETED]protocol/openid-connect/token"
  # The endpoint from which to obtain user details using the OAuth token, after successful login
  userUrl = "https://[DELETED]/protocol/openid-connect/userinfo"
  scope: ["openid", "email"]
}
# Single-Sign On
sso {
  # Autocreate user in database?
  autocreate = false
  # Autoupdate its profile and roles?
  autoupdate = false
  # Autologin user using SSO?
  # autologin = true
  # Name of mapping class from user resource to backend user ('simple' or 'group')
  mapper = simple
  attributes {
    login = "user"
    name = "name"
    roles = "roles"
    organization = "org"
  }
  defaultRoles = ["read", "analyze"]
  defaultOrganization = "[DELETED]"
}
}
```
Who can provide me a working config, for both Cortex and Keycloak if possible?
Can someone explain how SSO attributes work?