Add OpenID Proxy configuration capability #3426

Closed
3 tasks done
tialocRT opened this issue May 30, 2023 · 4 comments · Fixed by #6103
Labels
feature use for describing a new feature to develop solved use to identify issue that has been solved (must be linked to the solving PR)

@tialocRT

Prerequisites

  • I read the Deployment and Setup section of the OpenCTI documentation as well as the Troubleshooting page and didn't find anything relevant to my problem.
  • I went through old GitHub issues and couldn't find anything relevant
  • I googled the issue and didn't find anything relevant

Description

Can't use the OpenID login with a proxy

I tried to set up the authentication with OpenID instead of LocalStrategy. My OpenCTI returns no errors in the logs, but I can see firewall deny logs for the IP of my OpenID provider and no logs on my proxy, so my OpenCTI is bypassing my proxy settings only for OpenID. I don't want to open this flow directly on the FW without passing through my proxy.

Proxy settings have been set with HTTP_PROXY, HTTPS_PROXY and no_proxy for the OpenCTI core processes.
My connectors can crawl data and their flows pass through the proxy.

Has anyone successfully set up the OpenID login with a proxy?
Is it an already known issue?

Environment

  1. Docker (on Linux host with proxy settings done)
  2. OpenCTI version: 5.7.4
  3. OpenCTI client: /
  4. Other environment details:

Reproducible Steps

Using docker-compose file with this config:

  • PROVIDERS__OPENID__STRATEGY=OpenIDConnectStrategy
  • "PROVIDERS__OPENID__CONFIG__LABEL=Login with OpenID"
  • PROVIDERS__OPENID__CONFIG__ISSUER=https:///auth/realms/xxxx
  • PROVIDERS__OPENID__CONFIG__CLIENT_ID=
  • PROVIDERS__OPENID__CONFIG__CLIENT_SECRET=
  • "PROVIDERS__OPENID__CONFIG__REDIRECT_URIS=["https://opencti./auth/oic/callback"]"

I read on this node-openid issue (panva/node-openid-client#22) that the proxy settings for panva-node-openid have to be set inside the code. I don't know if it is the case for OpenCTI; I can't find the related code inside my container to check it.

Thanks in advance

@tialocRT added the needs triage and question labels May 30, 2023

@richard-julien
Member

I don't think it's possible for now. We start to introduce proxy for more stuff but I think we miss this one.
Tagging it as a feature request.

@richard-julien added the feature label and removed the question and needs triage labels May 30, 2023
@richard-julien changed the title from "OpenID Login Proxy Bypass" to "Add OpenID Proxy configuration capability" May 30, 2023

@simonbjorzen-ts

Any progress on this? Would be nice to have.

@richard-julien
Member

Difficult to test so try the approach to use an agent with an option

```javascript
const openIdClient = config.use_proxy ? getPlatformHttpProxyAgent(config.issuer) : undefined;
```

@richard-julien linked a pull request Feb 25, 2024 that will close this issue
@richard-julien added this to the Release 6.0.0 milestone Feb 25, 2024
@richard-julien self-assigned this Feb 25, 2024
@richard-julien added the solved label Feb 25, 2024

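The thread describes OpenID traffic leaving directly instead of through the configured proxy, and an opt-in `use_proxy` option keyed on the issuer. As an added example (not OpenCTI's code and not from the thread participants), this sketch shows the routing decision such a helper has to make for the issuer URL, honoring `NO_PROXY` and refusing to fall back to a direct connection. The function names `parseNoProxy`, `isBypassed` and `resolveIssuerProxy` and all sample hosts are assumptions; the returned URL would be handed to a proxy agent used by the OpenID HTTP client.

```javascript
// Added example: helper names are hypothetical, sample values are constructed.
// IPv6 literals in NO_PROXY are not handled.

// Split NO_PROXY into lowercase host patterns, dropping empty entries.
function parseNoProxy(value) {
  return (value || '').split(',').map((e) => e.trim().toLowerCase()).filter(Boolean);
}

// True when the URL's host (and port, if the entry names one) matches NO_PROXY.
function isBypassed(url, noProxy) {
  const host = url.hostname.toLowerCase();
  const port = url.port || (url.protocol === 'https:' ? '443' : '80');
  return parseNoProxy(noProxy).some((entry) => {
    if (entry === '*') return true;
    const [pattern, entryPort] = entry.split(':');
    if (entryPort && entryPort !== port) return false;
    const suffix = pattern.replace(/^\*?\./, '');
    return host === suffix || host.endsWith(`.${suffix}`);
  });
}

// Proxy URL the issuer requests should use, or undefined for a direct connection.
function resolveIssuerProxy(config, env) {
  if (!config.use_proxy) return undefined; // opt-in flag, as in the snippet above
  const issuer = new URL(config.issuer);
  if (isBypassed(issuer, env.NO_PROXY || env.no_proxy)) return undefined;
  const proxy = issuer.protocol === 'https:'
    ? env.HTTPS_PROXY || env.https_proxy
    : env.HTTP_PROXY || env.http_proxy;
  // Fail closed: never fall back to a direct connection the firewall would deny.
  if (!proxy) throw new Error('use_proxy is set but no proxy URL is configured');
  return new URL(proxy).href;
}

// Constructed sample values (not taken from the issue).
const sampleEnv = {
  HTTPS_PROXY: 'http://proxy.example.internal:3128',
  NO_PROXY: 'localhost,.svc.example.internal',
};
const sampleConfig = { issuer: 'https://idp.example.com/auth/realms/demo', use_proxy: true };
console.log(resolveIssuerProxy(sampleConfig, sampleEnv));
```
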
@simonbjorzen-ts

Awesome, thanks!
