Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cert Authentication Ext.Ajax.request() #1368

Closed
4 of 7 tasks
codwow opened this issue Sep 9, 2024 · 2 comments
Closed
4 of 7 tasks

Cert Authentication Ext.Ajax.request() #1368

codwow opened this issue Sep 9, 2024 · 2 comments

Comments

@codwow
Copy link

codwow commented Sep 9, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Are you using the latest version of STIG Manager?

  • I am using the latest Release.
  • I am NOT using the latest Release. I am aware that the first thing I will be asked to do is update the application so that I have the latest bugfixes.

Where are you experiencing the issue?

  • API
  • UI or other client
  • Deployment
  • Elsewhere

Current Behavior

Trying to setup x.509 authentication and running into an issue where it will redirect to keycloak and find my username via CN and redirect back to stig manager and produce Ext.Ajax.request() failed within the stig manager webpage, Im using keycloak 25.0.4. Im able to authenticate via cert without issue if I use a slightly modifed version of the stigman-orchestration with keycloak on 19.0.2

Expected Behavior

No response

Steps To Reproduce

No response

Can you provide screenshots, logs, or other useful artifacts?

In the stig manager log I see this error but I dont know what it means or what else to look at

"error":"error in secret or public key callback: unable to verify the first certificate","stack":"Unauthorized: error in secret or public key callback: unable to verify the first certificate\n at HttpError.create (/home/node/node_modules/express-openapi-validator/dist/framework/types.js:42:24)\n at /home/node/node_modules/express-openapi-validator/dist/middlewares/openapi.security.js:78:43\n at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"

Describe your Environment

- Hosting: on-prem
- Browser: Edge
- OS: Windows (Client) RHEL 8.10 (Server)
- Node:
- npm:
@cd-rite
Copy link
Collaborator

cd-rite commented Sep 9, 2024

Hi @codwow Your issue sounds very similar to this discussion in our forums, and may have the same solution:
#1046 (comment)

In this case, it sounds like Keycloak was configured with an HTTPS URL (corresponding to the value specified by STIGMAN_OIDC_PROVIDER). If so, you will need to make the CA for the keycloak certificate available to STIGMan using the NODE_EXTRA_CA_CERTS environment variable (and provide that CA in a volume to the container, mapped to the location specified in the envvar).

Since this is most likely an issue with the deployment rather than the app, I'll close the issue for now. Check out that discussion and see if anything there helps, and perhaps open a discussion in our forums if you need to. If you still have issues, providing your docker-compose file (if using one) may be helpful as well.

@cd-rite cd-rite closed this as completed Sep 9, 2024
@codwow
Copy link
Author

codwow commented Sep 9, 2024

I posted a discussion due to still having the issue: #1369

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cd-rite @codwow