Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Nov 12 11:50
    adulau commented #17
  • Nov 12 11:50

    adulau on master

    Update README.md Proposal to l… Merge pull request #17 from lde… (compare)

  • Nov 12 11:50
    adulau closed #17
  • Nov 12 11:49
    ldelavaissiere opened #17
  • Nov 12 11:46
    iglocska commented #16
  • Nov 12 11:36
    ldelavaissiere commented #16
  • Nov 12 11:35
    adulau commented #16
  • Nov 12 11:35
    adulau closed #16
  • Nov 12 11:35

    adulau on master

    Create information_sharing_dora… Merge pull request #16 from lde… (compare)

  • Nov 12 11:28
    ldelavaissiere opened #16
  • Nov 06 16:52

    adulau on master

    chg: [doc] updated (compare)

  • Nov 06 16:44

    adulau on master

    fix: [book] glossary (compare)

  • Nov 06 16:20

    adulau on master

    chg: [clean-up] various updates… (compare)

  • Sep 27 09:25

    iglocska on master

    Some minor changes to the docum… (compare)

  • Sep 26 14:16
    adulau commented #284
  • Sep 26 14:15
    adulau closed #284
  • Sep 26 14:15

    adulau on main

    logical typo fixed help manual Merge pull request #284 from Co… (compare)

  • Sep 26 13:40
    Cooper-Dale opened #284
  • Sep 14 17:24
    adulau commented #283
  • Sep 14 17:24

    adulau on main

    chg: [synchronisation] clarify … Merge pull request #283 from Wa… (compare)

andras
@andras:matrix.circl.lu
[m]
I haven't myself
but after a quick read of the codebase:
$this->getConfig('roles_property', 'roles');
this is where the key at which the roles can be found is read
which you need to configure in two places:
  1. in your MISP's oidc config
  1. your IAM / OIDC implementation needs to actually pass the roles along via that key
so make sure that this actually happens
this needs to be exposed via the userinfo endpoint, as requested by the oidc library used by the plugin here:
GV-007
@GV-007
@andras:matrix.circl.lu indeed, I am using OneLogin IdP, which by default uses groups, so I tried 2 things already:
  • In the MISP OIDC config defining 'groups' as key
  • In OneLogin changing key to roles (default of MSIP)
    In both cases $roles keeps empty
andras
@andras:matrix.circl.lu
[m]
I have never used OneLogin, if you craft a query for the userinfo endpoint, can you see groups being included as a key?
If you're OK with trying something hacky:
in the plugin itself
after this line:
GV-007
@GV-007
@andras:matrix.circl.lu I am not a programmer, so not sure how to craft the query...
you can get the full contents of the userinfo via $oidc->requestUserInfo();
it might make sense to grab that and log it
just to make sure that OneLogin actually includes the roles
GV-007
@GV-007
OK, I just add that line and then log: $this->log($oidc, "oidc_log");, right ?
andras
@andras:matrix.circl.lu
[m]
something like this rather:
$this->log(json_encode($oidc->requestUserInfo()), "oidc_log");
GV-007
@GV-007
@andras:matrix.circl.lu thanks for the tip, I don't see any roles in the output:
2021-09-29 09:42:40 Info: OIDC: User `{"sub":"59611704","email":"geert.verstrepen@XXX","preferred_username":"XXX","name":"Geert Verstrepen"}` – oidc_log
andras
@andras:matrix.circl.lu
[m]
yeah was stuck on something similar last week with another tool / another idp :)
GV-007
@GV-007
@andras:matrix.circl.lu on OneLogin end, I configured the roles parameter, so not sure why we don't see it...
andras
@andras:matrix.circl.lu
[m]
For what I was stuck on: I also configured the groups/roles in the tool (in my case it was keycloak) but I had to specifically map it so that it would actually show up in the response and the JWT
GV-007
@GV-007
@andras:matrix.circl.lu, many thanks, I'll start now by creating a ticket at OneLogin
Keep you informed
andras
@andras:matrix.circl.lu
[m]
no worries
if it helps:
from keycloak it looked like this:
it's the very last entry that did it
ended up with it being included in the JWT:
3 replies
Matthew
@yaekmj_twitter
Is there a common way to express generic $EmailRecipient rather than leaking users addresses ?
GV-007
@GV-007
@andras:matrix.circl.lu got a reply on my support case that in the request a scope should bedfined:
To allow roles to be sent, you need to set the appropriate scope, see https://developers.onelogin.com/openid-connect/scopes
Brent Murphy
@bm11100

I've got a cron just set up to cache feeds and it has been working fine. I saw the feeds havent been cached lately and when I run /var/www/MISP/app/Console/cake Server cacheFeed 2 all 2>&1 manually I am getting errors like below -

2021-09-29 14:46:41 Notice: Redis::exec(): send of 8192 bytes failed with errno=32 Broken pipe in [/var/www/MISP/app/Model/Feed.php, line 1334]
Notice Error: Redis::exec(): send of 8192 bytes failed with errno=32 Broken pipe in [/var/www/MISP/app/Model/Feed.php, line 1334]

I havent modified the Feed.php file at all, the error in this instance is $pipe->exec();. Has anyone had this issue?

Disk space is not full

Filesystem      Size  Used Avail Use% Mounted on
devtmpfs        7.7G     0  7.7G   0% /dev
tmpfs           7.7G     0  7.7G   0% /dev/shm
tmpfs           7.7G   33M  7.7G   1% /run
tmpfs           7.7G     0  7.7G   0% /sys/fs/cgroup
/dev/nvme0n1p1  500G  9.6G  491G   2% /
tmpfs           1.6G     0  1.6G   0% /run/user/1003
1 reply
cac0ns3c
@cac0ns3c
i delete all the events from MISP using PyMISP but now when i'm trying to get them again from the feeds i'm getting the. error
2021-09-29 20:12:41 Error: Could not save freetext feed data for feed 3.
[Exception] The target event is no longer valid. Make sure that the target event 816 exists.
Stack Trace:
#0 /var/www/MISP/app/Model/Feed.php(1013): Feed->saveFreetextFeedData()
#1 /var/www/MISP/app/Console/Command/ServerShell.php(297): Feed->downloadFromFeedInitiator()
#2 /var/www/MISP/app/Console/Command/AppShell.php(35): ServerShell->fetchFeed()
#3 /var/www/MISP/app/Vendor/kamisama/php-resque-ex/lib/Resque/Job.php(199): AppShell->perform()
#4 /var/www/MISP/app/Vendor/kamisama/php-resque-ex/lib/Resque/Worker.php(278): Resque_Job->perform()
#5 /var/www/MISP/app/Vendor/kamisama/php-resque-ex/lib/Resque/Worker.php(241): Resque_Worker->perform()
#6 /var/www/MISP/app/Vendor/kamisama/php-resque-ex/bin/resque(109): Resque_Worker->work()
#7 /var/www/MISP/app/Vendor/kamisama/php-resque-ex/bin/resque(100): startWorker()
#8 {main}
andras
@andras:matrix.circl.lu
[m]
Edit the feed, remove the id for the fixed event
cac0ns3c
@cac0ns3c
how do i edit the feed ?
andras
@andras:matrix.circl.lu
[m]
Feed index -> edit button on the right
cac0ns3c
@cac0ns3c
image.png
there is no event id, but outside it says fixed id 225
andras
@andras:matrix.circl.lu
[m]
Interesting
Hitting submit on the form should hopefully solve it
cac0ns3c
@cac0ns3c
didn't solve it, also tried creating new event every push
andras
@andras:matrix.circl.lu
[m]
Same error with new events every push?
Btw careful with that setting, don’t leave it on for longer than you absolutely have to