[Bug] Switching User Organisation fails using header variable authentication #1375

Closed
crackytsi opened this issue May 28, 2020 · 3 comments
@crackytsi

Bug

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | Debian |
| OS version (client) | 10 |
| TheHive version / git hash | 4 RC3 |
| Package Type | DEB |

Problem Description

If I log in using user/password authentication, I can correctly change the organisation. The change is correctly performed.
If I log in using header variable authentication, I can change the organisation, but always one organisation is shown. Expected is the same behaviour as doing authentication using user/password.

Additional question:
If I have in multiple organisations the same user with different passwords set: Which password is used?

@crackytsi added the TheHive4 and bug labels May 28, 2020
@To-om
Contributor

To-om commented May 28, 2020

The organisation information is stored in the session (inside the cookie THE_HIVE_SESSION). If you don't use a session to authenticate the users, the organisation switch can't work. You can send the current organisation in the HTTP header X-Organisation.
I recommend putting {name: session} in the first position in the auth.providers array.

@To-om self-assigned this May 28, 2020
@crackytsi
Author

Hmm, with the same config it is working if I log out explicitly from header variable authentication and log in again using user/password. During that step, I don't do any config-file modification or TheHive restart.

My configuration looks like this, and already includes the session:

auth {
  providers = [
    {name: session}
    {name: basic, realm: thehive}
    {name: header, userHeader:AUTH_USER}
    {name: key}
    {name: local}
  ]
}

@To-om
Contributor

To-om commented May 29, 2020

I see, the session is not used if the user is authenticated by the header. The organisation must be stored outside the session.

To-om added a commit that referenced this issue May 29, 2020
@To-om closed this as completed May 29, 2020
@To-om added this to the 4.0.0-RC4 milestone May 29, 2020
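
A simplified model of the behaviour described in this thread, added here as an example; it is not TheHive's code. The `MEMBERSHIPS` table, the function names and the membership check on `X-Organisation` are assumptions made for illustration.

```python
# Simplified model (an assumption, not TheHive's code) of per-request
# organisation resolution under session and header authentication.
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data: one user who belongs to two organisations.
MEMBERSHIPS = {"alice": ["org-a", "org-b"]}


@dataclass
class Request:
    headers: dict = field(default_factory=dict)
    session: Optional[dict] = None  # decoded THE_HIVE_SESSION cookie, if any


def authenticate(req: Request):
    """Return (user, provider) from the first provider that matches."""
    if req.session and "user" in req.session:
        return req.session["user"], "session"
    if "AUTH_USER" in req.headers:  # userHeader from the config in the thread
        return req.headers["AUTH_USER"], "header"
    return None, None


def resolve_org(req: Request):
    """Pick the organisation this request acts in, or None if rejected."""
    user, provider = authenticate(req)
    if user is None:
        return None
    orgs = MEMBERSHIPS.get(user, [])
    # Session logins remember the switch inside the cookie.
    if provider == "session" and req.session.get("org") in orgs:
        return req.session["org"]
    # Stateless logins must name the organisation on every request, and
    # the value is client-supplied, so check it against the memberships.
    wanted = req.headers.get("X-Organisation")
    if wanted is not None:
        return wanted if wanted in orgs else None
    return orgs[0] if orgs else None  # fall back to the default organisation


def switch_org(req: Request, org: str) -> bool:
    """An organisation switch only persists when a session exists."""
    if req.session is None or org not in MEMBERSHIPS.get(req.session.get("user"), []):
        return False
    req.session["org"] = org
    return True
```

In this model a header-authenticated request has no session to write to, so the switch is lost and the default organisation is returned every time unless `X-Organisation` is sent with the request.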