Browse your product documentation including release notes and installers
Note: This document applies to Cb Response versions 6.3.0 and 6.3.1.
This documentation provides information for administrators who are responsible for integrating Cb Response with various other tools. It discusses:
See the Comments below for changes to this version.
Note: This document is being posted prior to update of the CB Response Cloud and release of CB Response server to version 6.3.0. Please monitor the User eXchange for the official release announcement.
Changes to the March 2019 6.3.0 version since the latest 6.2 version:
In the "Integrating with SSO Identity Providers" chapter, consider editing table 5 on page 38 so that the builtin_role is written as: "global_admin"
builtin_roles Optional Required to set permissions. A list of
roles.
Valid roles: “GlobalAdmin”
If None, this field is ignored.
If an empty list ([]), all roles are removed.
If you notice the example config file on page 41, "global_admin" is displayed correctly. You can verify the proper syntax (if you have SSO enabled) by searching the ../coreservices/debug.log. In the example that I found, you will notice that the name of the role is represented as "Global Admin" but the attribute needs to be written as "global_admin" in the sso_attr.py script or else it isn't recognized:
2019-03-27 11:02:36 [20510] <debug> cb.flask.blueprints.api_routes_saml - Authentication Response:
2019-03-27 11:02:36 [20510] <debug> cb.flask.blueprints.api_routes_saml - Attributes returned in SAML response:
2019-03-27 11:02:36 [20510] <debug> cb.flask.blueprints.api_routes_saml - first_name: [u'John']
2019-03-27 11:02:36 [20510] <debug> cb.flask.blueprints.api_routes_saml - last_name: [u'Doe']
2019-03-27 11:02:36 [20510] <debug> cb.flask.blueprints.api_routes_saml - role: [u'GlobalAdmin']
2019-03-27 11:02:36 [20510] <debug> cb.flask.blueprints.api_routes_saml - uid: [u'redacted username']
2019-03-27 11:02:36 [20510] <debug> cb.flask.blueprints.api_routes_saml - email: [u'John.Doe@email.edu']
2019-03-27 11:02:36 [20510] <debug> cb.flask.blueprints.api_routes_saml - Custom SAML attribute map returned:
2019-03-27 11:02:36 [20510] <debug> cb.flask.blueprints.api_routes_saml - username: redacted username
2019-03-27 11:02:36 [20510] <debug> cb.flask.blueprints.api_routes_saml - first_name: John
2019-03-27 11:02:36 [20510] <debug> cb.flask.blueprints.api_routes_saml - last_name: Doe
2019-03-27 11:02:36 [20510] <debug> cb.flask.blueprints.api_routes_saml - builtin_roles: ['global_admin']
2019-03-27 11:02:36 [20510] <debug> cb.flask.blueprints.api_routes_saml - teams: ['Administrators']
2019-03-27 11:02:36 [20510] <debug> cb.flask.blueprints.api_routes_saml - authorized: True
2019-03-27 11:02:36 [20510] <debug> cb.flask.blueprints.api_routes_saml - email: John.Doe@email.edu
2019-03-27 11:02:36 [20510] <debug> cb.flask.blueprints.api_routes_saml - Updating redacted username profile to John, Doe, John.Doe@email.edu
2019-03-27 11:02:36 [20510] <debug> cb.flask.blueprints.api_routes_saml - Updating [redacted] to Global Admin role.
2019-03-27 11:02:36 [20510] <debug> cb.flask.blueprints.api_routes_saml - Updating team membership for [redacted] to [{'id': 1, 'name': u'Administrators'}]
djay: This will be fixed in the next release.