-
Notifications
You must be signed in to change notification settings - Fork 331
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
wazuh reverse proxy apache shibboleth #891
Comments
can share the Apache config for that, and the dashboard config. |
Yes I can - see the attachments |
can try to edit your opensearch_dashboards to be http insted of https , since i see this error indicate that your request is send by http and trying to reach https , so 2- on opensearch_dashboards add
|
Still without success - either without SSL. Message: "Wazuh dashboard server is not ready yet" is now displayed in the internet browser window and in the log is large java message: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: ... |
@cerny2022 |
I am trying to setup proxy authentication as written in: https://opensearch.org/docs/latest/security/authentication-backends/proxy/, but I dont know if this is applicable to wazuh or not (mentioned link is for opensearch ...). I dont use Docker images. I added one additonal user before trying to implement Apache/Shibboleth proxy. So far as I know proxy IDP should only confirm to wazuh that user is authenticated (password is not send to wazuh). |
@cerny2022 Could you check for the logs? |
Hello, I have attached anonymized syslog log. Regards M. Cerny |
Hello, I hope I have configured proxy authentication/authorization in wazuh according to the documentation, but I am still receiving the same error (in the wazuh-cluster.log) although I am successfully authorized in my IDP: [WARN ][o.o.s.a.BackendRegistry ] [node-1] No 'Authorization' header, send 401 and 'WWW-Authenticate Basic'. What header is expected, please help. Regards. Martin Cerny
The text was updated successfully, but these errors were encountered: