You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm trying to get Google SSO working with my Wazuh instance according to the official guide.
When trying to run the securityadmin tool script, this becomes my output:
[wazuh-user@wazuh-server ~]$ export JAVA_HOME=/usr/share/wazuh-indexer/jdk/ && sudo bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/opensearch-security/config.yml -icl -key /etc/wazuh-indexer/certs/admin-key.pem -cert /etc/wazuh-indexer/certs/admin.pem -cacert /etc/wazuh-indexer/certs/root-ca.pem -h localhost -nhnv
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
which: no java in (/sbin:/bin:/usr/sbin:/usr/bin)
WARNING: nor OPENSEARCH_JAVA_HOME nor JAVA_HOME is set, will use
[wazuh-user@wazuh-server ~]$
and that's it. No other command output, which I thought might be due to the fact that OpenSearch is really trying to deprecate that script. Even stripping all the arguments returns the same exact output.
Continuing with the rest of the guide as-is and restarting both wazuh-indexer and wazuh-dashboard returns a 500 error in my browser whenever I try to access the website. I've already checked my settings in Google Admin, and all variables were changed properly according to the guide. My output from sudo systemctl -l status wazuh-dashboard after attempting to access from a browser (with cleared cookies) returns this:
[wazuh-user@wazuh-server ~]$ sudo systemctl -l status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2024-05-09 09:35:03 UTC; 23min ago
Main PID: 4443 (node)
CGroup: /system.slice/wazuh-dashboard.service
└─4443 /usr/share/wazuh-dashboard/node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist -c /etc/wazuh-dashboard/opensearch_dashboards.yml
May 09 09:35:36 wazuh-server opensearch-dashboards[4443]: at exports.Manager.execute (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/toolkit.js:60:28)
May 09 09:35:36 wazuh-server opensearch-dashboards[4443]: at Object.internals.handler (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/handler.js:46:20)
May 09 09:35:36 wazuh-server opensearch-dashboards[4443]: at exports.execute (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/handler.js:31:20)
May 09 09:35:36 wazuh-server opensearch-dashboards[4443]: at Request._lifecycle (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/request.js:371:32)
May 09 09:35:36 wazuh-server opensearch-dashboards[4443]: at Request._execute (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/request.js:281:9)
May 09 09:35:36 wazuh-server opensearch-dashboards[4443]: {"type":"log","@timestamp":"2024-05-09T09:35:36Z","tags":["error","plugins","securityDashboards"],"pid":4443,"message":"Failed to get saml header: Error: Error: failed parsing SAML config"}
May 09 09:35:36 wazuh-server opensearch-dashboards[4443]: {"type":"error","@timestamp":"2024-05-09T09:35:36Z","tags":[],"pid":4443,"level":"error","error":{"message":"Internal Server Error","name":"Error","stack":"Error: Internal Server Error\n at HapiResponseAdapter.toError (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:143:19)\n at HapiResponseAdapter.toHapiResponse (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:97:19)\n at HapiResponseAdapter.handle (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:92:17)\n at Router.handle (/usr/share/wazuh-dashboard/src/core/server/http/router/router.js:164:34)\n at processTicksAndRejections (node:internal/process/task_queues:96:5)\n at handler (/usr/share/wazuh-dashboard/src/core/server/http/router/router.js:124:50)\n at exports.Manager.execute (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/toolkit.js:60:28)\n at Object.internals.handler (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/handler.js:46:20)\n at exports.execute (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/handler.js:31:20)\n at Request._lifecycle (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/request.js:371:32)\n at Request._execute (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/request.js:281:9)"},"url":"https://<REDACTED DOMAIN NAME>/auth/saml/login?nextUrl=%2F&redirectHash=false","message":"Internal Server Error"}
May 09 09:35:36 wazuh-server opensearch-dashboards[4443]: {"type":"response","@timestamp":"2024-05-09T09:35:36Z","tags":[],"pid":4443,"method":"get","statusCode":500,"req":{"url":"/auth/saml/login?nextUrl=%2F&redirectHash=false","method":"get","headers":{"host":"<REDACTED DOMAIN NAME>","sec-fetch-site":"same-origin","accept-encoding":"gzip, deflate, br","connection":"keep-alive","sec-fetch-mode":"navigate","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15","referer":"https://<REDACTED DOMAIN NAME>/auth/saml/captureUrlFragment?nextUrl=%2F","sec-fetch-dest":"document","accept-language":"en-US,en;q=0.9"},"remoteAddress":"<REDACTED IP ADDRESS>","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15","referer":"https://<REDACTED DOMAIN NAME>/auth/saml/captureUrlFragment?nextUrl=%2F"},"res":{"statusCode":500,"responseTime":62,"contentLength":9},"message":"GET /auth/saml/login?nextUrl=%2F&redirectHash=false 500 62ms - 9.0B"}
May 09 09:35:36 wazuh-server opensearch-dashboards[4443]: {"type":"response","@timestamp":"2024-05-09T09:35:36Z","tags":[],"pid":4443,"method":"get","statusCode":401,"req":{"url":"/favicon.ico","method":"get","headers":{"host":"<REDACTED DOMAIN NAME>","sec-fetch-site":"same-origin","accept-encoding":"gzip, deflate, br","connection":"keep-alive","sec-fetch-mode":"no-cors","accept":"*/*","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15","referer":"https://<REDACTED DOMAIN NAME>/auth/saml/login?nextUrl=%2F&redirectHash=false","sec-fetch-dest":"image","accept-language":"en-US,en;q=0.9"},"remoteAddress":"<REDACTED IP ADDRESS>","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15","referer":"https://<REDACTED DOMAIN NAME>/auth/saml/login?nextUrl=%2F&redirectHash=false"},"res":{"statusCode":401,"responseTime":2,"contentLength":9},"message":"GET /favicon.ico 401 2ms - 9.0B"}
May 09 09:56:57 wazuh-server opensearch-dashboards[4443]: {"type":"response","@timestamp":"2024-05-09T09:56:57Z","tags":[],"pid":4443,"method":"get","statusCode":401,"req":{"url":"/ws/v4/","method":"get","headers":{"host":"api.gateio.ws:443","user-agent":"Go-http-client/1.1","connection":"Upgrade","sec-websocket-key":"BcUrxCda9moelrt3mMBJ+Q==","sec-websocket-version":"13","upgrade":"websocket"},"remoteAddress":"94.102.56.8","userAgent":"Go-http-client/1.1"},"res":{"statusCode":401,"responseTime":6,"contentLength":9},"message":"GET /ws/v4/ 401 6ms - 9.0B"}
[wazuh-user@wazuh-server ~]$
Would appreciate the assistance if anyone can offer it.
The text was updated successfully, but these errors were encountered:
I did some more digging and was able to solve my immediate issue.
The JAVA_HOME path was properly being set, but it was not being passed to the BIN_PATH variable in the securityadmin script. Hardcoding this value in after the last if/else statement caused the script to work.
After the service restart, I was able to access Wazuh through the Google SSO.
Not sure if this is a Wazuh issue or an OpenSearch issue, but I hope that this discovery helps someone else out using the AMI-based deployment.
I'm trying to get Google SSO working with my Wazuh instance according to the official guide.
When trying to run the
securityadmin
tool script, this becomes my output:and that's it. No other command output, which I thought might be due to the fact that OpenSearch is really trying to deprecate that script. Even stripping all the arguments returns the same exact output.
Continuing with the rest of the guide as-is and restarting both
wazuh-indexer
andwazuh-dashboard
returns a 500 error in my browser whenever I try to access the website. I've already checked my settings in Google Admin, and all variables were changed properly according to the guide. My output fromsudo systemctl -l status wazuh-dashboard
after attempting to access from a browser (with cleared cookies) returns this:Would appreciate the assistance if anyone can offer it.
The text was updated successfully, but these errors were encountered: