From 67aeef79defa91eebda16cad0f453388f68a0f19 Mon Sep 17 00:00:00 2001
From: "kiril.kjiroski@finki.ukim.mk" <kiril.kjiroski@finki.ukim.mk>
Date: Mon, 31 May 2021 10:02:49 +0000
Subject: [PATCH] added sso for cortex

---
 group_vars/all/main.yml | 2 +-
 group_vars/all/users.yml | 14 +++----
 roles/build/templates/cortex/Dockerfile.j2 | 4 +-
 roles/cortex/templates/application.conf.j2 | 48 ++++------------------
 4 files changed, 19 insertions(+), 49 deletions(-)

diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml
index bc3794f..dd85561 100644
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@@ -1,6 +1,6 @@
 ---
-soctoolsproxy: "CHANGE_ME_TO_FQDN"
+soctoolsproxy: "dsoclab.gn4-3-wp8-soc.sunet.se"
 maxmind_key: ""
diff --git a/group_vars/all/users.yml b/group_vars/all/users.yml
index b0f97bc..b6164d6 100644
--- a/group_vars/all/users.yml
+++ b/group_vars/all/users.yml
@@ -1,6 +1,6 @@
 ---
-domain: "soctools.test"
+domain: "uninett.no"
 soctools_users:
 - firstname: "User1"
@@ -9,12 +9,12 @@ soctools_users:
 email: "user1@{{domain}}"
 DN: "CN=User1Soctools"
 CN: "User1Soctools"
- - firstname: "User2"
- lastname: "SOC"
- username: "user2"
- email: "user2@{{domain}}"
- DN: "CN=User2Soctools"
- CN: "User2Soctools"
+ - firstname: "Kiril"
+ lastname: "Kjiroski"
+ username: "kiril.kjiroski"
+ email: "kiril.kjiroski@{{domain}}"
+ DN: "CN=Kiril Kjiroski"
+ CN: "Kiril Kjiroski"
 # Minimum one user is required
 ODFE_ADMIN_USERS:
diff --git a/roles/build/templates/cortex/Dockerfile.j2 b/roles/build/templates/cortex/Dockerfile.j2
index ceeb6a5..a6488ad 100644
--- a/roles/build/templates/cortex/Dockerfile.j2
+++ b/roles/build/templates/cortex/Dockerfile.j2
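Review bot: The `soctoolsproxy` placeholder in `group_vars/all/main.yml` is replaced with one deployment's real hostname, and the `domain` and `soctools_users` hunks in `group_vars/all/users.yml` do the same with a real organisation domain and a named personal account. `group_vars/all` is the shared default for every inventory, so these values will silently apply to any other deployment of the playbook, and the `CHANGE_ME_TO_FQDN` marker that forced operators to set their own value is gone. Keep the placeholders here (`soctoolsproxy: "CHANGE_ME_TO_FQDN"`, `domain: "soctools.test"`, the generic `user2` entry) and put site-specific values in `host_vars` or an inventory-specific `group_vars` file; if this repository is a fork meant only for this one site, a one-line comment saying so at the top of `main.yml` would make that intent clear. The new `DN: "CN=Kiril Kjiroski"` also introduces a space in the CN where the existing entries use none; if these DNs are consumed by certificate or user generation elsewhere in the roles, confirm that quoting there handles it.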
@@ -5,13 +5,13 @@ RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \
 echo "enabled=1" >> /etc/yum.repos.d/thehive.repo && \
 echo "priority=1" >> /etc/yum.repos.d/thehive.repo && \
 echo "name=TheHive-Project RPM repository" >> /etc/yum.repos.d/thehive.repo && \
- echo "baseurl=http://rpm.thehive-project.org/stable/noarch" >> /etc/yum.repos.d/thehive.repo && \
+ echo "baseurl=https://rpm.thehive-project.org/release/noarch" >> /etc/yum.repos.d/thehive.repo && \
 echo "gpgcheck=1" >> /etc/yum.repos.d/thehive.repo && \
 yum install -y epel-release && \
 rpm --import https://raw.githubusercontent.com/TheHive-Project/TheHive/master/PGP-PUBLIC-KEY && \
 rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \
 yum install -y cortex supervisor rsync daemonize vim net-tools telnet htop python3-pip.noarch git gcc python3-devel.x86_64 ssdeep-devel.x86_64 python3-wheel.noarch libexif-devel.x86_64 libexif.x86_64 perl-Image-ExifTool.noarch gcc-c++ whois && \
- rpm -Uvh https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-6.8.13.rpm && \
+ rpm -Uvh https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-7.10.2-x86_64.rpm && \
 chown -R elasticsearch:elasticsearch /etc/elasticsearch && \
 mkdir -p /home/cortex && \
 chown -R cortex:cortex /home/cortex && \
diff --git a/roles/cortex/templates/application.conf.j2 b/roles/cortex/templates/application.conf.j2
index e872e5d..8a235d5 100644
--- a/roles/cortex/templates/application.conf.j2
+++ b/roles/cortex/templates/application.conf.j2
@@ -124,10 +124,10 @@ auth {
 # The endpoint from which to obtain user details using the OAuth token, after successful login
 userUrl = "https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/userinfo"
- scope = "profile"
+ # scope = "profile"
+ userIdField = "email"
- #userUrl = "https://auth-site.com/api/User"
- #scope = ["openid profile"]
+ scope = ["openid email profile offline_access User.Read"]
 }
 ws.ssl.trustManager {
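Review bot: The Elasticsearch RPM on the new `rpm -Uvh` line jumps from 6.8.13 to 7.10.2, a major version, while the `cortex` package on the unchanged `yum install -y cortex …` line two lines above is still installed unpinned from the repository whose `baseurl` this hunk also moves to `release`. Whether the Cortex version that resolves at build time supports Elasticsearch 7 is not visible here; pinning it, e.g. `yum install -y cortex-<CORTEX_VERSION>`, would make the pair reproducible and keep a later repository update from silently producing an image whose Cortex cannot talk to its own Elasticsearch. The switch of `baseurl` to https with `gpgcheck=1` already in place is good; the Elasticsearch RPM, by contrast, is only covered by rpm's own signature check against the key imported on the `rpm --import …/GPG-KEY-elasticsearch` line, and `rpm -Uvh` installs an unsigned package without complaint, so if the build should fail rather than proceed in that case, download the package first and run `rpm -K` on it before `rpm -Uvh`. The `RUN` command this hunk belongs to starts before the hunk (`RUN echo "[thehive-project]" …` appears only in the hunk header).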
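Review bot: The new `scope` line requests `offline_access` and `User.Read` in addition to `openid email profile`; `offline_access` asks the IdP for a long-lived offline refresh token that a browser SSO login to Cortex does not need, and `User.Read` is a Microsoft Graph scope that a Keycloak realm (the unchanged `userUrl` above points at `/auth/realms/{{openid_realm}}/protocol/openid-connect/userinfo`) will not define by default and may reject with `invalid_scope`. Request only what the login needs: `scope = ["openid email profile"]`. The new `userIdField = "email"` keys the Cortex identity on the `email` claim, so unless the realm only releases verified addresses, an unverified or user-editable email on the IdP side could map one IdP account onto another Cortex user; the `autocreate = false` this commit sets in the `sso` block limits that to existing accounts, but it is still worth confirming, and a short comment recording why `email` rather than `sub`/`preferred_username` was chosen would help the next reader. The enclosing block (under `auth {` per the hunk header) starts before the hunk.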
@@ -143,48 +143,18 @@ auth {
 # Single-Sign On
 sso {
- # Autocreate user in database?
- autocreate = true
-
- # Autoupdate its profile and roles?
- autoupdate = true
-
- # Autologin user using SSO?
+ autocreate = false
+ autoupdate = false
 autologin = true
-
- # Name of mapping class from user resource to backend user ('simple' or 'group')
- #mapper = group
- #mapper = simple
- #attributes {
- # login = "user"
- # name = "name"
- # groups = "groups"
- # organization = "org"
- #}
-# defaultRoles = ["read", "write", "admin"]
-# defaultOrganization = "{{domain}}"
- #defaultRoles = ["read"]
- #defaultOrganization = "csirt"
- #groups {
- # # URL to retreive groups (leave empty if you are using OIDC)
- # #url = "https://auth-site.com/api/Groups"
- # # Group mappings, you can have multiple roles for each group: they are merged
- # mappings {
- # admin-profile-name = ["admin"]
- # editor-profile-name = ["write"]
- # reader-profile-name = ["read"]
- # }
- #}
+ defaultRoles = ["read"]
+ defaultOrganization = "uninett.no"
 mapper = simple
 attributes {
- login = "user"
- name = "name"
+ login = "email"
+ name = "email"
 roles = "roles"
- organization = "org"
 }
- defaultRoles = ["read", "analyze"]
- defaultOrganization = "{{domain}}"
 }
 }
--
GitLab
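Review bot: `defaultOrganization = "uninett.no"` hard-codes a site value into a Jinja2 template whose previous setting (the removed `defaultOrganization = "{{domain}}"` further down the hunk) followed the playbook's `domain` variable; restore `defaultOrganization = "{{domain}}"` so the template keeps working for other inventories. With `autocreate = false` and `autoupdate = false` now set at the top of the `sso` block, `defaultRoles`, `defaultOrganization` and the `attributes` mapping presumably only take effect for accounts an admin has already created in Cortex, and unknown SSO users will be refused; if that is the intent, a one-line comment such as `# users must be pre-created in Cortex; SSO only authenticates them` would spare the next reader a trip to the docs. Mapping both `login` and `name` to `"email"` makes the display name the address, which is workable but departs from the upstream sample (`name = "name"`) and deserves a comment as well.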