Connecting to Graylog using AzureAD

Hi,
I'm creating a Graylog cluster and I would like to authenticate to Graylog using AzureAD.
I've already created an authentication on Graylog and an Application registration on AzureAD with the callback address…
The problem occurs when I try to log in to Graylog using my AzureAD account: I get an error message, and this message in the logs:


2022-01-20T14:46:10.454+01:00 ERROR [OauthRequestUtils] Error attempting to fetch data from auth server. Got: 401 Unauthorized
2022-01-20T14:46:10.455+01:00 ERROR [OauthAuthServiceBackend] Unable to extract id and access tokens from JSON response
java.lang.NullPointerException: null
        at org.graylog.plugins.security.authservice.backend.OauthAuthServiceBackend.fetchTokensFromAuthServer(OauthAuthServiceBackend.java:252) ~[?:?]
        at org.graylog.plugins.security.authservice.backend.OauthAuthServiceBackend.authenticate(OauthAuthServiceBackend.java:136) ~[?:?]
        at org.graylog.plugins.security.authservice.backend.OauthAuthServiceBackend.authenticateAndProvision(OauthAuthServiceBackend.java:81) ~[?:?]
        at org.graylog.security.authservice.AuthServiceAuthenticator.authenticate(AuthServiceAuthenticator.java:94) ~[graylog.jar:?]
        at org.graylog.security.authservice.AuthServiceAuthenticator.authenticate(AuthServiceAuthenticator.java:50) ~[graylog.jar:?]
        at org.graylog2.security.realm.BearerTokenRealm.doGetAuthenticationInfo(BearerTokenRealm.java:69) ~[graylog.jar:?]
        at org.graylog2.security.realm.BearerTokenRealm.doGetAuthenticationInfo(BearerTokenRealm.java:60) ~[graylog.jar:?]
        at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:571) ~[graylog.jar:?]
        at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doMultiRealmAuthentication(ModularRealmAuthenticator.java:225) ~[graylog.jar:?]
        at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:275) ~[graylog.jar:?]
        at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198) ~[graylog.jar:?]
        at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106) ~[graylog.jar:?]
        at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:275) ~[graylog.jar:?]
        at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:260) ~[graylog.jar:?]
        at org.graylog2.shared.security.SessionCreator.create(SessionCreator.java:82) ~[graylog.jar:?]
        at org.graylog2.rest.resources.system.SessionsResource.newSession(SessionsResource.java:142) ~[graylog.jar:?]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
        at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52) ~[graylog.jar:?]
        at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:124) [graylog.jar:?]
        at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:167) [graylog.jar:?]
        at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:219) [graylog.jar:?]
        at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:79) [graylog.jar:?]
        at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:469) [graylog.jar:?]
        at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:391) [graylog.jar:?]
        at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:80) [graylog.jar:?]
        at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:255) [graylog.jar:?]
        at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248) [graylog.jar:?]
        at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244) [graylog.jar:?]
        at org.glassfish.jersey.internal.Errors.process(Errors.java:292) [graylog.jar:?]
        at org.glassfish.jersey.internal.Errors.process(Errors.java:274) [graylog.jar:?]
        at org.glassfish.jersey.internal.Errors.process(Errors.java:244) [graylog.jar:?]
        at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265) [graylog.jar:?]
        at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:234) [graylog.jar:?]
        at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:680) [graylog.jar:?]
        at org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpContainer.service(GrizzlyHttpContainer.java:356) [graylog.jar:?]
        at org.glassfish.grizzly.http.server.HttpHandler$1.run(HttpHandler.java:200) [graylog.jar:?]
        at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:180) [graylog.jar:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?]
        at java.lang.Thread.run(Thread.java:829) [?:?]
2022-01-20T14:46:10.468+01:00 WARN  [BearerTokenRealm] Failed to authenticate username <<token>> with backend <Azure_authentication/oidcXXXXXXXXXXXXXXXXXXXX>
2022-01-20T14:46:10.470+01:00 INFO  [SessionCreator] Invalid credentials in session create request. Actor: "urn:graylog:node:XXXXXXXXXXXXXXXXXXXXXXXXX"

Graylog 4.2.5+59802bf on localhost (Debian 11.0.13 on Linux 5.10.0-9-amd64)

I already tried to configure the token configuration on Azure but that didn’t help.

Could you help me understand the message I got in my logs?

Thank you!

Hello @Minwyyn

I grabbed the meaningful data from those logs to simplify how to resolve this issue.

Error attempting to fetch data from auth server.

unable to extract id and access tokens from JSON response
java.lang.NullPointerException: null

Failed to authenticate username <> with backend <Azure_authentication/oidcXXXXXXXXXXXXXXXXXXXX>

Invalid credentials in session create request. Actor: “urn:graylog:node:XXXXXXXXXXXXXXXXXXXXXXXXX”

I need to ask some questions.

How did you configure Authentication Service - Active Directory?
Did you test this in the Graylog Web UI which is under System/Authentication?
What have you done to resolve this issue so far?

Hi, I solved my problem; now everything is good.

For those who want to know: I just used https://login.microsoftonline.com/$tenant/, which showed me in the logs that I needed to give access to the email from the Azure response. Then I made that modification in Azure, put the URL back to normal, and everything was working fine. I just needed to add a few options to make it work.

Thank you @gsmith for your answer

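The two symptoms in this thread are easier to reason about when you see how an OIDC relying party consumes the token-endpoint response: a 401 comes back with an OAuth2 error body rather than tokens, so there is nothing to extract (the NullPointerException above), and even a successful response is useless if the id_token lacks the claim the user is mapped on. The diagnostic below is an added example written for this thread; it is not Graylog's code and not the poster's configuration. It assumes the relying party needs a "sub" and an "email" claim, and all responses it inspects are constructed inline, so it runs offline and never contacts Azure AD.

```python
"""Interpret an OIDC token-endpoint response the way a relying party does.

Added example (not Graylog's own code). Models two failure points:
  1. the token endpoint answers 401 with an OAuth2 error body instead of tokens,
     so there is no id_token/access_token to extract;
  2. the id_token lacks the claim the user is mapped on (assumed here: "email").
All inputs are constructed samples; nothing is fetched from Azure AD.
"""
import base64
import json
from dataclasses import dataclass, field


@dataclass
class TokenCheck:
    ok: bool
    problems: list = field(default_factory=list)
    claims: dict = field(default_factory=dict)


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def decode_jwt_payload_unverified(token: str) -> dict:
    """Return the JWT payload WITHOUT verifying the signature.

    Only for reading claims in a diagnostic; a relying party must verify the
    signature against the issuer's JWKS before trusting any claim.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    return json.loads(_b64url_decode(parts[1]))


def check_token_response(status: int, body: str,
                         required_claims=("sub", "email")) -> TokenCheck:
    """Interpret a token-endpoint response (HTTP status + JSON body)."""
    result = TokenCheck(ok=True)
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        result.ok = False
        result.problems.append(f"HTTP {status}: body is not JSON")
        return result

    # RFC 6749 section 5.2: errors arrive as {"error": ..., "error_description": ...}
    # with a 400/401 status. Report that instead of dereferencing missing tokens.
    if status != 200 or "error" in data:
        result.ok = False
        result.problems.append(
            f"HTTP {status}: {data.get('error', 'unknown_error')}: "
            f"{data.get('error_description', '(no description)')}"
        )
        return result

    for key in ("id_token", "access_token"):
        if not data.get(key):
            result.ok = False
            result.problems.append(f"token response has no {key}")
    if not result.ok:
        return result

    claims = decode_jwt_payload_unverified(data["id_token"])
    result.claims = claims
    missing = [c for c in required_claims if c not in claims]
    if missing:
        result.ok = False
        result.problems.append(f"id_token lacks claims: {', '.join(missing)}")
    return result


def _make_unsigned_jwt(payload: dict) -> str:
    """Build a sample id_token (alg=none, empty signature): test data only."""
    return f"{_b64url_encode({'alg': 'none', 'typ': 'JWT'})}.{_b64url_encode(payload)}."


# Constructed samples (not real Azure AD output); "invalid_client" is the
# standard RFC 6749 error value, the description is a placeholder.
SAMPLE_401_BODY = json.dumps({
    "error": "invalid_client",
    "error_description": "<constructed: client authentication failed>",
})
SAMPLE_OK_NO_EMAIL = json.dumps({
    "access_token": _make_unsigned_jwt({"sub": "user-1", "scp": "openid profile"}),
    "id_token": _make_unsigned_jwt({"sub": "user-1", "name": "Example User"}),
    "token_type": "Bearer",
})
SAMPLE_OK_WITH_EMAIL = json.dumps({
    "access_token": _make_unsigned_jwt({"sub": "user-1"}),
    "id_token": _make_unsigned_jwt({"sub": "user-1", "email": "user@example.invalid"}),
    "token_type": "Bearer",
})

if __name__ == "__main__":
    for label, status, body in (
        ("401 error body", 401, SAMPLE_401_BODY),
        ("200 without email", 200, SAMPLE_OK_NO_EMAIL),
        ("200 with email", 200, SAMPLE_OK_WITH_EMAIL),
    ):
        r = check_token_response(status, body)
        print(label, "->", "OK" if r.ok else "; ".join(r.problems))
```

Run as-is, the first case reports the error body the way you would want a log line to, the second reports the missing email claim (the situation the poster fixed on the Azure side), and the third passes. The unsigned-JWT helper exists only to build samples; real tokens must have their signature checked before any claim is trusted.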

Hello,
Glad you solved your issue.
If you could mark this as resolved, that would be great for future searches :+1:
