Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

User Fails to login to Cb Response Console with SSO

User Fails to login to Cb Response Console with SSO

Version

Cb Response 5.2.x, 6.x

Issue

A user is unable to login to the Cb Response console though SSO. This is occurring for all users during initial implementation or for a new user with a unique user field

Symptoms

URL after failed login contains "err_code=1" or "err_code=2" and /var/log/cb/nginx/access.log shows a failed authentication on the server. A user is able to login without SSO

Cause

Either the user is invalid or there is a configuration issue

Solution

  1. Determine if the user is valid. The error codes are associated with the following cause:
    1. err_code=1 indicates "invalid user"
      Add the user in your integrated user database
    2. err_code=2 indicates all other errors
      Follow below steps
  2. Enable Verbose Debugging for SSO/SAML
  3. Reproduce the authentication issue and review verbose logs:
    tail -f /var/log/cb/coreservices/debug.log
  4. Make adjustments to the attribute mapper and sso configuration file:
    1. If the process gets stuck making an external request, review the sso configuration: /etc/cb/sso/sso.conf
    2. If there is a "validation rules" error, massage the data in the attribute mapper /etc/cb/sso/attr_map.py
      <err> cb.auth.auth - The value 'FIELD' does not meet input validation rules for field 'FIELD'
      Following any changes, verify that the script can compile with this command:
      python /etc/cb/sso/attr_map.py
      Note: This can compile cleanly if you don't receive any errors 
  5. Restart services and see if the issue is resolved
    service cb-enterprise restart
  6. Remove verbose authentication logging in Enable Verbose Debugging for SSO/SAML

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎08-05-2016
Views:
1101
Contributors