OIDC An Internal Error Has Occurred #80

Open
elenezet opened this issue Mar 10, 2023 · 2 comments
elenezet commented Mar 10, 2023

Hello,

I'm trying to use MISP with CAS OIDC. All seems OK but I have this error:

```
2023-03-10 13:27:45 Error: [JakubOnderka\JsonException] Could not decode provided JSON
Request URL: /users/login
Stack Trace:
#0 /var/www/MISP/app/Vendor/jakub-onderka/openid-connect-php/src/OpenIDConnectClient.php(210): JakubOnderka\Json::decode()
#1 /var/www/MISP/app/Vendor/jakub-onderka/openid-connect-php/src/OpenIDConnectClient.php(2208): JakubOnderka\CurlResponse->json()
#2 /var/www/MISP/app/Vendor/jakub-onderka/openid-connect-php/src/OpenIDConnectClient.php(890): JakubOnderka\OpenIDConnectClient->endpointRequest()
#3 /var/www/MISP/app/Vendor/jakub-onderka/openid-connect-php/src/OpenIDConnectClient.php(555): JakubOnderka\OpenIDConnectClient->requestAuthorization()
#4 /var/www/MISP/app/Plugin/OidcAuth/Lib/Oidc.php(22): JakubOnderka\OpenIDConnectClient->authenticate()
#5 /var/www/MISP/app/Plugin/OidcAuth/Controller/Component/Auth/OidcAuthenticate.php(33): Oidc->authenticate()
#6 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Controller/Component/AuthComponent.php(772): OidcAuthenticate->authenticate()
#7 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Controller/Component/AuthComponent.php(612): AuthComponent->identify()
#8 /var/www/MISP/app/Controller/UsersController.php(1211): AuthComponent->login()
#9 [internal function]: UsersController->login()
#10 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Controller/Controller.php(499): ReflectionMethod->invokeArgs()
#11 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Routing/Dispatcher.php(193): Controller->invokeAction()
#12 /var/www/MISP/app/Vendor/cakephp/cakephp/lib/Cake/Routing/Dispatcher.php(167): Dispatcher->_invoke()
#13 /var/www/MISP/app/webroot/index.php(99): Dispatcher->dispatch()
#14 {main}
```

I tried all options but I don't know why there is a problem.

My conf:

- misp
- nginx for https
- oidc

The format is:

```
{
  "sub": "[email protected]",
  "service": "https://misptux.com/",
  "auth_time": 1678438129,
  "attributes": {
    "email": "[email protected]",
    "roles": "misp-access",
    "userId": "E4883"
  },
  "id": "[email protected]",
  "client_id": "sgp5Ngmy345Aq9grDtkywncgz7Hj9HhYhtKorLMSeQoiSXFw9vUMcxU2kSTjTfYk"
}
```

I don't understand what's wrong?

elenezet changed the title from "OIDC" to "OIDC An Internal Error Has Occurred" on Mar 10, 2023
@haavardw
Contributor

I believe the "roles" claim is assumed to be an array, so instead of "roles": "misp-access" the Oidc plugin only accepts "roles": ["misp-access"] (I have the same issue with using AWS Cognito which also only supports returning string types in custom claims, so I'm running with a patched plugin to work around this).

@haavardw
Contributor

Also it could be that the "roles" claim needs to be at the top level, i.e. not nested within the attributes block.
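
A diagnostic sketch for the points in this thread, added here as an example and not part of the original issue, MISP, or the OidcAuth plugin: it checks whether an IdP response body decodes as JSON at all (the stack trace shows the exception raised while decoding an endpoint response), then reports where the roles claim sits and whether it is a string or an array. The function name `inspectOidcResponse`, the sample payload, and the string-to-array normalization are assumptions for illustration, not the plugin's behaviour.

```php
<?php
declare(strict_types=1);

// Added diagnostic example; not MISP or OidcAuth plugin code.
// inspectOidcResponse() is a hypothetical helper name.
function inspectOidcResponse(string $body, string $rolesClaim = 'roles'): array
{
    $report = ['valid_json' => false, 'location' => null, 'type' => null, 'roles' => [], 'notes' => []];
    try {
        $claims = json_decode($body, true, 512, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        // Same failure class as "Could not decode provided JSON" in the log above.
        $report['notes'][] = 'Body is not JSON: ' . $e->getMessage();
        return $report;
    }
    if (!is_array($claims)) {
        $report['notes'][] = 'JSON decoded, but the top level is not an object.';
        return $report;
    }
    $report['valid_json'] = true;

    $nested = $claims['attributes'] ?? null;
    if (array_key_exists($rolesClaim, $claims)) {
        $value = $claims[$rolesClaim];
        $report['location'] = 'top-level';
    } elseif (is_array($nested) && array_key_exists($rolesClaim, $nested)) {
        $value = $nested[$rolesClaim];
        $report['location'] = 'attributes';
        $report['notes'][] = 'Claim is nested under "attributes", not at the top level.';
    } else {
        $report['notes'][] = "No \"$rolesClaim\" claim found.";
        return $report;
    }

    $report['type'] = gettype($value);
    if (is_string($value)) {
        $report['notes'][] = 'Claim is a string, not an array.';
        $value = [$value]; // illustrative normalization only
    }
    if (is_array($value)) {
        $report['roles'] = array_values(array_filter($value, 'is_string'));
    }
    return $report;
}

// Constructed sample, shaped like the payload posted in the issue.
$sample = '{"sub":"user@example.org","attributes":{"roles":"misp-access","userId":"X0000"}}';
print_r(inspectOidcResponse($sample));
print_r(inspectOidcResponse('<html>502 Bad Gateway</html>')); // constructed non-JSON body
```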
