Use case:
Set up Keycloak for Authentication using SAML protocol in Wazuh.
Keycloak configuration:
- Create a new client with the protocol set to saml:
- Configure it to use the options below:
- Add a role named Administrator:
- Add a Role list mapper:
- Navigate to Installation to generate the IdP and SP metadata files:
- The idp.entity_id and exchange_key values are included in the idp-metadata.xml file:
Wazuh indexer configuration:
- Place the content of idp-metadata.xml and sp-metadata.xml respectively in /etc/wazuh-indexer/certs/idp_metadata.xml and /etc/wazuh-indexer/certs/sp_metadata.xml, setting the ownership to wazuh-indexer:
chown wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs/sp_metadata.xml
chown wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs/idp_metadata.xml
- Configure the Wazuh indexer to use SAML by modifying /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/config.yml:
---
_meta:
  type: "config"
  config_version: 2

config:
  dynamic:
    http:
      anonymous_auth_enabled: false
    authc:
      internal_auth:
        order: 0
        description: "HTTP basic authentication using the internal user database"
        http_enabled: true
        transport_enabled: true
        http_authenticator:
          type: basic
          challenge: false
        authentication_backend:
          type: internal
      saml_auth:
        order: 1
        description: "SAML provider"
        http_enabled: true
        transport_enabled: false
        http_authenticator:
          type: saml
          challenge: true
          config:
            idp:
              metadata_file: /etc/wazuh-indexer/certs/idp_metadata.xml
              entity_id: http://192.168.0.92:8080/realms/master
            sp:
              entity_id: WazuhSAMLID
              metadata_file: /etc/wazuh-indexer/certs/sp_metadata.xml
            kibana_url: https://192.168.0.144/
            roles_key: Roles
            exchange_key: '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'
        authentication_backend:
          type: noop
- Load the new security configuration:
export JAVA_HOME=/usr/share/wazuh-indexer/jdk && /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/ -icl -key /etc/wazuh-indexer/certs/admin-key.pem -cert /etc/wazuh-indexer/certs/admin.pem -cacert /etc/wazuh-indexer/certs/root-ca.pem -h localhost -nhnv
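Before loading the configuration it is worth confirming that the values in config.yml agree with the metadata Keycloak generated, since the issuer of every assertion is validated against idp.entity_id and the post takes exchange_key from the IdP signing certificate in idp-metadata.xml. The following script is an added example, not code from this post or from Wazuh/OpenSearch: it parses SAML 2.0 IdP metadata, pulls out the entityID and signing certificate, and compares them with the saml_auth config block (the metadata shown is a constructed sample with a dummy certificate; the roles attribute name Roles is assumed from the config above).

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample of what Keycloak's Installation page exports; the certificate is a dummy.
SAMPLE_IDP_METADATA = """<md:EntityDescriptor entityID="http://192.168.0.92:8080/realms/master"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      MIICdummy
      CONSTRUCTEDcert
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def parse_idp_metadata(xml_text):
    """Return (entityID, signing certificate as one base64 line or None)."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor: %s" % root.tag)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:  # SP metadata is also an EntityDescriptor, but carries no IdP role
        raise ValueError("no IDPSSODescriptor: this looks like SP metadata, not IdP metadata")
    cert = None
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":  # a missing 'use' attribute means both uses
            node = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
            if node is not None and node.text:
                cert = "".join(node.text.split())  # drop the PEM-style line breaks
                break
    return root.get("entityID"), cert

def check_saml_config(saml_cfg, metadata_xml, roles_attr="Roles"):
    """saml_cfg mirrors the 'config:' block under saml_auth in config.yml; roles_attr is the
    attribute name the Keycloak Role list mapper emits. Returns findings (empty = consistent)."""
    findings = []
    entity_id, cert = parse_idp_metadata(metadata_xml)
    if saml_cfg["idp"]["entity_id"] != entity_id:
        findings.append("idp.entity_id %r != metadata entityID %r"
                        % (saml_cfg["idp"]["entity_id"], entity_id))
    if cert is None:
        findings.append("IdP metadata carries no signing certificate")
    elif "".join(saml_cfg.get("exchange_key", "").split()) != cert:
        findings.append("exchange_key does not match the IdP signing certificate")
    if saml_cfg.get("roles_key") != roles_attr:
        findings.append("roles_key %r != mapper attribute %r"
                        % (saml_cfg.get("roles_key"), roles_attr))
    return findings
```

To run it against a real deployment, read /etc/wazuh-indexer/certs/idp_metadata.xml into a string and build saml_cfg from the saml_auth block of config.yml.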
Wazuh Dashboard configuration:
- Set the authentication to saml by adding the lines below to /etc/wazuh-dashboard/opensearch_dashboards.yml:
opensearch_security.auth.type: "saml"
server.xsrf.whitelist: ["/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/acs/idpinitiated", "/_opendistro/_security/saml/logout"]
As this might be fixed in future versions, perform the next step only if you are facing the logout issue described at https://forum.opensearch.org/t/saml-issue-on-logout/5617/14.
- Modify the logout endpoint in /usr/share/wazuh-dashboard/plugins/securityDashboards/server/auth/types/saml/routes.js by changing it from /auth/logout to /logout:
    // Logout route: the path has been changed from `/auth/logout` to `/logout`
    this.router.get({
      path: `/logout`,
      validate: false
    }, async (context, request, response) => {
      try {
        const authInfo = await this.securityClient.authinfo(request);
        this.sessionStorageFactory.asScoped(request).clear(); // TODO: need a default logout page
        const redirectUrl = authInfo.sso_logout_url || this.coreSetup.http.basePath.serverBasePath || '/';
        return response.redirected({
          headers: {
            location: redirectUrl
          }
        });
      } catch (error) {
        context.security_plugin.logger.error(`SAML logout failed: ${error}`);
        return response.badRequest();
      }
    });
  }
}
exports.SamlAuthRoutes = SamlAuthRoutes;
- Restart the Wazuh dashboard:
systemctl restart wazuh-dashboard
DEMO:
I hope you find it useful.
26 responses to “Wazuh & Keycloak using SAML”
I don’t think the title of your article matches the content lol. Just kidding, mainly because I had some doubts after reading the article.
Thanks for sharing. I read many of your blog posts, cool, your blog is very good.