MISP
/
misp-docker
mirror of https://github.com/MISP/misp-docker
2
0
Fork 0
Code Issues Releases Wiki Activity

Fix OIDC_ENABLE Toggle Logic in MISP Environment Configuration (#161) 

* Fix OIDC_ENABLE Toggle Logic in MISP Environment Configuration

* Update sudo Usage for MISP Configuration Commands

---------

Co-authored-by: diegolamaral <diego.arruda.amaral@gmail.com>
pull/170/head
DiegolAmaral 2024-10-04 13:46:45 +00:00 committed by GitHub
parent a5fd58ab25
commit 31db79c0df
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 59 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
core/files/configure_misp.sh
View File

@ -72,11 +72,7 @@ GPGEOF
} }
set_up_oidc() { set_up_oidc() {
if [[ "$OIDC_ENABLE" != "true" ]]; then if [[ "$OIDC_ENABLE" == "true" ]]; then
echo "... OIDC authentication disabled"
return
fi
if [[ -z "$OIDC_ROLES_MAPPING" ]]; then if [[ -z "$OIDC_ROLES_MAPPING" ]]; then
OIDC_ROLES_MAPPING="\"\"" OIDC_ROLES_MAPPING="\"\""
fi fi
@ -85,12 +81,14 @@ set_up_oidc() {
# OIDC_ISSUER may be empty # OIDC_ISSUER may be empty
check_env_vars OIDC_PROVIDER_URL OIDC_CLIENT_ID OIDC_CLIENT_SECRET OIDC_ROLES_PROPERTY OIDC_ROLES_MAPPING OIDC_DEFAULT_ORG check_env_vars OIDC_PROVIDER_URL OIDC_CLIENT_ID OIDC_CLIENT_SECRET OIDC_ROLES_PROPERTY OIDC_ROLES_MAPPING OIDC_DEFAULT_ORG
# Configure OIDC in MISP
sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{ sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{
\"Security\": { \"Security\": {
\"auth\": [\"OidcAuth.Oidc\"] \"auth\": [\"OidcAuth.Oidc\"]
} }
}" > /dev/null }" > /dev/null
# Set OIDC authentication details in MISP
sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{ sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{
\"OidcAuth\": { \"OidcAuth\": {
\"provider_url\": \"${OIDC_PROVIDER_URL}\", \"provider_url\": \"${OIDC_PROVIDER_URL}\",
@ -103,15 +101,43 @@ set_up_oidc() {
} }
}" > /dev/null }" > /dev/null
# Set the custom logout URL for the OIDC plugin only if OIDC_LOGOUT_URL is defined # Set the custom logout URL for OIDC if it is defined
if [[ -n "${OIDC_LOGOUT_URL}" ]]; then if [[ -n "${OIDC_LOGOUT_URL}" ]]; then
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.CustomAuth_custom_logout" "${OIDC_LOGOUT_URL}&post_logout_redirect_uri=${BASE_URL}/users/login" sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.CustomAuth_custom_logout" "${OIDC_LOGOUT_URL}&post_logout_redirect_uri=${BASE_URL}/users/login"
else else
echo "OIDC_LOGOUT_URL is not set" echo "OIDC_LOGOUT_URL is not set"
fi fi
# Disable password confirmation as stated at https://github.com/MISP/MISP/issues/8116 # Disable password confirmation as recommended in https://github.com/MISP/MISP/issues/8116
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.require_password_confirmation" false sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.require_password_confirmation" false
echo "... OIDC authentication enabled"
else
# Reset OIDC authentication settings to empty values
sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{
\"OidcAuth\": {
\"provider_url\": \"\",
\"issuer\": \"\",
\"client_id\": \"\",
\"client_secret\": \"\",
\"roles_property\": \"\",
\"role_mapper\": \"\",
\"default_org\": \"\"
}
}" > /dev/null
# Use sed to remove the OidcAuth.Oidc entry from the 'auth' array in the config.php
sudo -u www-data sed -i "/'auth' =>/,/)/ { /0 => 'OidcAuth.Oidc',/d; }" /var/www/MISP/app/Config/config.php
# Remove the custom logout URL
sudo -u www-data sed -i "/'CustomAuth_custom_logout' =>/d" /var/www/MISP/app/Config/config.php
# Re-enable password confirmation if necessary
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.require_password_confirmation" true
echo "... OIDC authentication disabled"
fi
} }
set_up_ldap() { set_up_ldap() {