Merge pull request #549 from Security-Onion-Solutions/feature/auth

Feature/auth
2025-12-19 07:23:06 +01:00 · 2020-04-09 17:39:23 -04:00
parent c0739976c9 c130c8fbf4
commit 3bf7a5aab5
5 changed files with 24 additions and 9 deletions
--- a/salt/common/nginx/nginx.conf.so-eval
+++ b/salt/common/nginx/nginx.conf.so-eval
@@ -134,9 +134,9 @@ http {
          proxy_set_header      Connection "Upgrade";
        }

-        location /auth/ {
+        location ~ ^/auth/.*?(whoami|login|logout) {
          rewrite               /auth/(.*) /$1 break;
-          proxy_pass            http://{{ masterip }}:4433/;
+          proxy_pass            http://{{ masterip }}:4433;
          proxy_read_timeout    90;
          proxy_connect_timeout 90;
          proxy_set_header      Host $host;
@@ -295,7 +295,7 @@ http {
        error_page 401 = @error401;

        location @error401 {
-          add_header    Set-Cookie "NSREDIRECT=http://{{ masterip }}$request_uri;Domain={{ masterip }};Path=/;Max-Age=60000";
+          add_header    Set-Cookie "AUTH_REDIRECT=$request_uri;Max-Age=14400";
          return        302 /auth/self-service/browser/flows/login;
        }

--- a/salt/common/nginx/nginx.conf.so-master
+++ b/salt/common/nginx/nginx.conf.so-master
@@ -134,9 +134,9 @@ http {
          proxy_set_header      Connection "Upgrade";
        }

-        location /auth/ {
+        location ~ ^/auth/.*?(whoami|login|logout) {
          rewrite               /auth/(.*) /$1 break;
-          proxy_pass            http://{{ masterip }}:4433/;
+          proxy_pass            http://{{ masterip }}:4433;
          proxy_read_timeout    90;
          proxy_connect_timeout 90;
          proxy_set_header      Host $host;
@@ -295,7 +295,7 @@ http {
        error_page 401 = @error401;

        location @error401 {
-          add_header    Set-Cookie "NSREDIRECT=http://{{ masterip }}$request_uri;Domain={{ masterip }};Path=/;Max-Age=60000";
+          add_header    Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400";
          return        302 /auth/self-service/browser/flows/login;
        }

--- a/salt/common/nginx/nginx.conf.so-mastersearch
+++ b/salt/common/nginx/nginx.conf.so-mastersearch
@@ -134,9 +134,9 @@ http {
          proxy_set_header      Connection "Upgrade";
        }

-        location /auth/ {
+        location ~ ^/auth/.*?(whoami|login|logout) {
          rewrite               /auth/(.*) /$1 break;
-          proxy_pass            http://{{ masterip }}:4433/;
+          proxy_pass            http://{{ masterip }}:4433;
          proxy_read_timeout    90;
          proxy_connect_timeout 90;
          proxy_set_header      Host $host;
@@ -295,7 +295,7 @@ http {
        error_page 401 = @error401;

        location @error401 {
-          add_header    Set-Cookie "NSREDIRECT=http://{{ masterip }}$request_uri;Domain={{ masterip }};Path=/;Max-Age=60000";
+          add_header    Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400";
          return        302 /auth/self-service/browser/flows/login;
        }

--- a/salt/soc/files/kratos/schema.json
+++ b/salt/soc/files/kratos/schema.json
@@ -19,6 +19,18 @@
            "via": "email"
          }
        }
+      },
+      "firstName": {
+        "type": "string",
+        "title": "First Name"
+      },
+      "lastName": {
+        "type": "string",
+        "title": "Last Name"
+      },
+      "role": {
+        "type": "string",
+        "title": "Role"
      }
    },
    "required": [
--- a/salt/soc/files/soc/soc.json
+++ b/salt/soc/files/soc/soc.json
@@ -11,6 +11,9 @@
      "filedatastore": {
        "jobDir": "jobs"
      },
+      "kratos": {
+        "hostUrl": "http://{{ MASTERIP }}:4434/"
+      },
      "securityonion": {
        "elasticsearchHost": "http://{{ MASTERIP }}:9200",
        "elasticsearchUsername": "",