CB Response: SSO fails to login after restart of the Response Server services
search cancel

CB Response: SSO fails to login after restart of the Response Server services

book

Article ID: 285212

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • After restarting the Response services, SSO login fails with "Unknown User"
  • Login with local Admin account works.
  • Errors found in enterprise.log:
    <err> cb.flask.blueprint_helpers - Unhandled exception from API request: ['http://www.okta.com/ADDRESS']
    <warning> cb.auth.auth - User Authentication Activity: User Id=None, Status=403, Ip Address=ADDRESS, Timestamp=TIMESTAMP
    <warning> cb.flask.blueprints.api_routes_saml - USERNAME authenticated, not found in CB user database and attrs not found to create.

Environment

  • CB Response Server: 6.2 and higher
  • Okta SSO

Cause

Attr_map.py file updated with misconfigured attributes since the last restart.

Resolution

  1. Change the configurations within attr_map.py 
    if "lastname" in key:
    
    should become
    
    if "last_name" in key:
  2. Configure any custom scripts required to complete the integration.

Additional Information

  • Settings will vary depending on what SSO provider is used.
  • Use of custom scripts is not supported within Support. Use of Professional Services may be required.