Hosted EDR: Cannot Login via SSO to Hosted EDR
search cancel

Hosted EDR: Cannot Login via SSO to Hosted EDR

book

Article ID: 284954

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • Cannot login to Hosted EDR, when logging in user is brought back to the login page but never authenticates:
User-added image
  • Errors in logs : 
    • /var/log/cb/coreservices/coreservices.log
AttributeError: 'NoneType' object has no attribute 'authn_statement' 2020-07-13 21:09:17 [7679] <err> cb.flask.blueprints.api_routes_saml - SSO assertion auth failure Traceback (most recent call last): File "/usr/share/cb/virtualenv/lib/python3.8/site-packages/cb/flask/blueprints/api_routes_saml.py", line 545, in saml_assertion File "/usr/share/cb/virtualenv/lib/python3.8/site-packages/cb/flask/blueprints/api_routes_saml.py", line 196, in handle_assertion File "/usr/share/cb/virtualenv/lib64/python3.8/site-packages/saml2/response.py", line 1077, in session_info authn_statement = self.assertion.authn_statement[0] AttributeError: 'NoneType' object has no attribute 'authn_statement' 2020-07-13 21:09:37 [7678] <err> cb.flask.blueprints.api_routes_saml - SSO assertion auth failure Traceback (most recent call last): File "/usr/share/cb/virtualenv/lib/python3.8/site-packages/cb/flask/blueprints/api_routes_saml.py", line 545, in saml_assertion File "/usr/share/cb/virtualenv/lib/python3.8/site-packages/cb/flask/blueprints/api_routes_saml.py", line 196, in handle_assertion File "/usr/share/cb/virtualenv/lib64/python3.8/site-packages/saml2/response.py", line 1077, in session_info authn_statement = self.assertion.authn_statement[0] AttributeError: 'NoneType' object has no attribute 'authn_statement'
  • /var/log/cb/nginx/access.log :
<IP Redacted> - - [13/Jul/2020:05:56:33 +0000(0.000)] "GET /auth/beans HTTP/1.1" 404 121 408 193 "-" "<hostname>.my.carbonblack.io" ">-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.32 (bountybot)" "-"
<IP Redacted> - - [13/Jul/2020:14:05:49 +0000(0.004)] "GET /api/saml/auth?redirect_url=%23%2Fbinaries%2Fcb.urlver%3D1%26sort%3Dserver_added_timestamp%2520desc%26rows%3D10%26start%3D0 HTTP/1.1" 303 0 1070 736 "https://<hostname>.carbonblack.io/" "<hostname>.carbonblack.io" ">[::1]:5000" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36" "-"
<IP Redacted> - - [13/Jul/2020:14:06:00 +0000(0.009)] "GET /api/auth/current-user HTTP/1.1" 403 212 792 679 "https://<hostname>.my.carbonblack.io/" "<hostname>.my.carbonblack.io" ">127.0.0.1:5000" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36" "-"
<IP Redacted> - - [13/Jul/2020:17:05:16 +0000(0.006)] "GET /api/saml/auth?redirect_url=%23%2Fbinaries%2Fcb.urlver%3D1%26sort%3Dserver_added_timestamp%2520desc%26rows%3D10%26start%3D0 HTTP/1.1" 303 0 1066 736 "https://<hostname>.my.carbonblack.io/" "<hostname>.my.carbonblack.io" ">127.0.0.1:5000" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36" "-"


 

Environment

  • Hosted EDR: All Supported Versions

Cause

  • SSO mis-configuration or certificate issue.

Resolution

  • Submit a case to Cloud Ops on this issue reporting error findings mentioned above.