CB Response: SSO fails to login after restart of the Response Server services
book
Article ID: 285212
calendar_today
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
After restarting the Response services, SSO login fails with "Unknown User"
Login with local Admin account works.
Errors found in enterprise.log:
<err> cb.flask.blueprint_helpers - Unhandled exception from API request: ['http://www.okta.com/ADDRESS']
<warning> cb.auth.auth - User Authentication Activity: User Id=None, Status=403, Ip Address=ADDRESS, Timestamp=TIMESTAMP
<warning> cb.flask.blueprints.api_routes_saml - USERNAME authenticated, not found in CB user database and attrs not found to create.
Environment
CB Response Server: 6.2 and higher
Okta SSO
Cause
Attr_map.py file updated with misconfigured attributes since the last restart.
Resolution
Change the configurations within attr_map.py
if "lastname" in key:
should become
if "last_name" in key:
Configure any custom scripts required to complete the integration.
Additional Information
Settings will vary depending on what SSO provider is used.
Use of custom scripts is not supported within Support. Use of Professional Services may be required.