Bug
| Question | Answer
|---------------------------|--------------------
| OS version (server) | Ubuntu 16.04
| OS version (client) | Ubuntu
| TheHive version / git hash | 3.1.0-0.1RC1
| Package Type | Docker
After upgrading The Hive from 3.0.9 to 3.1.0-0-RC1, I'm running into issues and hive fails to start. Here are the errors I get in the logs:
thehive_1 | [info] p.c.s.AkkaHttpServer - Listening for HTTP on /0.0.0.0:9000
thehive_1 | [info] p.c.s.AkkaHttpServer - Listening for HTTPS on /0.0.0.0:9443
thehive_1 | [error] o.e.s.a.MultiAuthSrv - Authentication failure
thehive_1 | org.elastic4play.AuthenticationError: Operation not supported
thehive_1 | at org.elastic4play.services.AuthSrv.authenticate(UserSrv.scala:44)
thehive_1 | at org.elastic4play.services.AuthSrv.authenticate$(UserSrv.scala:44)
thehive_1 | at org.elastic4play.services.auth.LdapAuthSrv.authenticate(LdapAuthSrv.scala:108)
I did not try to authenticate to the web UI, so I believe this is due to Hive failing to connect to the LDAP server (for whose the credentials are correct).
I also have a second issue, which I believe is not related: the web UI is not accessible on HTTPS (on port 9443) but only via HTTP via port 9000, and the following error occurs:
Caused by: com.typesafe.config.ConfigException$Missing: No configuration setting found for key 'play.server.https.trustStore.path'
thehive_1 | at com.typesafe.config.impl.SimpleConfig.findKeyOrNull(SimpleConfig.java:156)
thehive_1 | at com.typesafe.config.impl.SimpleConfig.findOrNull(SimpleConfig.java:174)
thehive_1 | at com.typesafe.config.impl.SimpleConfig.findOrNull(SimpleConfig.java:180)
I did not change my application.conf, and it is correctly mounted inside the container. The relevant section reads:
play.server.https.keyStore {
path: "/var/certs/hive.jks"
type: "JKS"
password: "redacted"
}
(the file /var/certs/hive.jks exists and is correctly mounted inside the container)
First error seems to come from elastic4play, so maybe it is due to the upgrade of elastic4play version (https://github.com/TheHive-Project/TheHive/commit/1f99c4db63e3805a4f639630a17c30dd51c9bfe9)
Any suggestion welcome, thanks
For the https issue, please try to change play.server.https.keyStore to play.server.https.trustStore. I'm not familiar with that, but the error message indicate that somehow. :)
Tried with the following application.conf:
play.server.https.trustStore {
path: "/var/certs/hive.jks"
type: "JKS"
password: "redacted"
}
And I still get the same errors:
thehive_1 | [error] o.e.s.a.MultiAuthSrv - Authentication failure
thehive_1 | org.elastic4play.AuthenticationError: Operation not supported
thehive_1 | at org.elastic4play.services.AuthSrv.authenticate(UserSrv.scala:44)
thehive_1 | at org.elastic4play.services.AuthSrv.authenticate$(UserSrv.scala:44)
thehive_1 | at org.elastic4play.services.auth.LdapAuthSrv.authenticate(LdapAuthSrv.scala:108)
thehive_1 | at org.elastic4play.services.auth.MultiAuthSrv.$anonfun$authenticate$2(MultiAuthSrv.scala:62)
thehive_1 | at org.elastic4play.services.auth.MultiAuthSrv$$anonfun$$nestedInanonfun$forAllAuthProvider$1$1.applyOrElse(MultiAuthSrv.scala:46)
thehive_1 | at org.elastic4play.services.auth.MultiAuthSrv$$anonfun$$nestedInanonfun$forAllAuthProvider$1$1.applyOrElse(MultiAuthSrv.scala:44)
thehive_1 | at scala.concurrent.Future.$anonfun$recoverWith$1(Future.scala:413)
thehive_1 | at scala.concurrent.impl.Promise.$anonfun$transformWith$1(Promise.scala:37)
thehive_1 | at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:60)
thehive_1 | at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)
thehive_1 | [error] o.e.s.a.MultiAuthSrv - Authentication failure
thehive_1 | org.elastic4play.AuthenticationError: Operation not supported
thehive_1 | at org.elastic4play.services.AuthSrv.authenticate(UserSrv.scala:44)
thehive_1 | at org.elastic4play.services.AuthSrv.authenticate$(UserSrv.scala:44)
thehive_1 | at org.elastic4play.services.auth.LdapAuthSrv.authenticate(LdapAuthSrv.scala:108)
thehive_1 | at org.elastic4play.services.auth.MultiAuthSrv.$anonfun$authenticate$2(MultiAuthSrv.scala:62)
thehive_1 | at org.elastic4play.services.auth.MultiAuthSrv$$anonfun$$nestedInanonfun$forAllAuthProvider$1$1.applyOrElse(MultiAuthSrv.scala:46)
thehive_1 | at org.elastic4play.services.auth.MultiAuthSrv$$anonfun$$nestedInanonfun$forAllAuthProvider$1$1.applyOrElse(MultiAuthSrv.scala:44)
thehive_1 | at scala.concurrent.Future.$anonfun$recoverWith$1(Future.scala:413)
thehive_1 | at scala.concurrent.impl.Promise.$anonfun$transformWith$1(Promise.scala:37)
thehive_1 | at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:60)
thehive_1 | at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)
thehive_1 | [error] a.a.OneForOneStrategy - No configuration setting found for key 'play.server.https.keyStore.path'
thehive_1 | akka.actor.ActorInitializationException: akka://application/system/StreamSupervisor-0/flow-23-1: exception during creation
thehive_1 | at akka.actor.ActorInitializationException$.apply(Actor.scala:193)
thehive_1 | at akka.actor.ActorCell.create(ActorCell.scala:671)
thehive_1 | at akka.actor.ActorCell.invokeAll$1(ActorCell.scala:525)
thehive_1 | at akka.actor.ActorCell.systemInvoke(ActorCell.scala:547)
thehive_1 | at akka.dispatch.Mailbox.processAllSystemMessages(Mailbox.scala:282)
thehive_1 | at akka.dispatch.Mailbox.run(Mailbox.scala:223)
thehive_1 | at akka.dispatch.Mailbox.exec(Mailbox.scala:234)
thehive_1 | at akka.dispatch.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)
thehive_1 | at akka.dispatch.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)
thehive_1 | at akka.dispatch.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
I managed to get rid of the second error No configuration setting found for key by setting both play.server.https.keyStore.path and play.server.https.trustStore.path...
But the web UI still doesn't start and the other error stays:
thehive_1 | [error] o.e.s.a.MultiAuthSrv - Authentication failure
thehive_1 | org.elastic4play.AuthenticationError: Operation not supported
thehive_1 | at org.elastic4play.services.AuthSrv.authenticate(UserSrv.scala:44)
thehive_1 | at org.elastic4play.services.AuthSrv.authenticate$(UserSrv.scala:44)
thehive_1 | at org.elastic4play.services.auth.LdapAuthSrv.authenticate(LdapAuthSrv.scala:108)
thehive_1 | at org.elastic4play.services.auth.MultiAuthSrv.$anonfun$authenticate$2(MultiAuthSrv.scala:62)
thehive_1 | at org.elastic4play.services.auth.MultiAuthSrv$$anonfun$$nestedInanonfun$forAllAuthProvider$1$1.applyOrElse(MultiAuthSrv.scala:46)
thehive_1 | at org.elastic4play.services.auth.MultiAuthSrv$$anonfun$$nestedInanonfun$forAllAuthProvider$1$1.applyOrElse(MultiAuthSrv.scala:44)
thehive_1 | at scala.concurrent.Future.$anonfun$recoverWith$1(Future.scala:413)
thehive_1 | at scala.concurrent.impl.Promise.$anonfun$transformWith$1(Promise.scala:37)
thehive_1 | at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:60)
thehive_1 | at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)
Hi,
Your Operation not supported error means that you try an authentication using an API key with an LDAP provider. LDAP doesn't support API key authentication. you should add local provider in application.conf: provider=[local,ldap]
For SSL error, I've created an issue in elastic4play (TheHive-Project/elastic4play#64).
As workaround, you can define a truststore containing your certificate authority.
Thank you for your answer!
LDAP doesn't support API key authentication. you should add local provider in application.conf: provider=[local,ldap]
I added it (it used to be type=[local,ldap] instead of provider):
auth {
provider = [local,ldap]
ldap {
serverName = "x.x.x.x:389"
useSSL = false
bindDN = "uid=ldap_browser,dc=...,dc=.."
bindPW = "..."
baseDN="dc=..,dc=.."
filter = "(&(objectClass=inetOrgPerson)(uid={0}))"
}
}
But still getting the same error:
thehive_1 | [error] o.e.s.a.MultiAuthSrv - Authentication failure
thehive_1 | org.elastic4play.AuthenticationError: Operation not supported
thehive_1 | at org.elastic4play.services.AuthSrv.authenticate(UserSrv.scala:44)
thehive_1 | at org.elastic4play.services.AuthSrv.authenticate$(UserSrv.scala:44)
thehive_1 | at org.elastic4play.services.auth.LdapAuthSrv.authenticate(LdapAuthSrv.scala:108)
thehive_1 | at org.elastic4play.services.auth.MultiAuthSrv.$anonfun$authenticate$2(MultiAuthSrv.scala:62)
thehive_1 | at org.elastic4play.services.auth.MultiAuthSrv$$anonfun$$nestedInanonfun$forAllAuthProvider$1$1.applyOrElse(MultiAuthSrv.scala:46)
thehive_1 | at org.elastic4play.services.auth.MultiAuthSrv$$anonfun$$nestedInanonfun$forAllAuthProvider$1$1.applyOrElse(MultiAuthSrv.scala:44)
thehive_1 | at scala.concurrent.Future.$anonfun$recoverWith$1(Future.scala:413)
thehive_1 | at scala.concurrent.impl.Promise.$anonfun$transformWith$1(Promise.scala:37)
thehive_1 | at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:60)
thehive_1 | at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)
It's worth noting that also sometimes (but not always) get this error:
thehive_1 | [error] o.e.s.a.LdapAuthSrv - LDAP authentication failure
thehive_1 | org.elastic4play.AuthenticationError: User not found in LDAP server
thehive_1 | at org.elastic4play.services.auth.LdapConnection.$anonfun$getUserDN$1(LdapAuthSrv.scala:67)
thehive_1 | at scala.util.Try$.apply(Try.scala:209)
thehive_1 | at org.elastic4play.services.auth.LdapConnection.getUserDN(LdapAuthSrv.scala:61)
thehive_1 | at org.elastic4play.services.auth.LdapConnection.$anonfun$authenticate$1(LdapAuthSrv.scala:73)
thehive_1 | at org.elastic4play.services.auth.LdapConnection.$anonfun$connect$2(LdapAuthSrv.scala:49)
thehive_1 | at scala.util.Try$.apply(Try.scala:209)
thehive_1 | at org.elastic4play.services.auth.LdapConnection.$anonfun$connect$1(LdapAuthSrv.scala:47)
thehive_1 | at scala.collection.LinearSeqOptimized.foldLeft(LinearSeqOptimized.scala:122)
thehive_1 | at scala.collection.LinearSeqOptimized.foldLeft$(LinearSeqOptimized.scala:118)
thehive_1 | at scala.collection.immutable.List.foldLeft(List.scala:86)
(I do not log via the web UI at the same time)
Any reason why you closed the issue @To-om?
because the issue is fixed in TheHive 3.1.0-RC2 (planned in few minutes)
Great! Thank you for your responsiveness.
Most helpful comment
because the issue is fixed in TheHive 3.1.0-RC2 (planned in few minutes)