authentik/website/integrations/services/wazuh/index.md
2023-11-22 14:24:03 +01:00

title: wazuh

Support level: Community

What is wazuh

wazuh is an open source Security Information and Event Management System that also has (extended) Endpoint Detection & Response (XDR) capabilities, as well as components of a Network Intrusion & Detection System (NIDS).

-- https://wazuh.com

Note: We assume that you already have wazuh and authentik installed and set up, and now want to integrate authentik as your IdP solution to have SSO within wazuh.

Preparation

The following placeholders will be used:

  • wazuh.company is the FQDN of the wazuh server instance.
  • authentik.company is the FQDN of the authentik install.

While wazuh allows both LDAP and SAML integration, in this post we will only walk through the SAML integration.

Step 1

The first step is to add a certificate for wazuh.

You can generate a new one under System -> Certificates -> Generate.

Add a name, set the validity period to 365 days and click Generate.

If all goes well, authentik will display a confirmation message.

Step 2

Now add a SAML provider. You can find the options under Applications -> Providers.

Select SAML Provider and click Next.

Add a descriptive name, select the appropriate Authentication/Authorization flow, adjust the ACS URL to contain the IP/hostname of your wazuh installation and add /_opendistro/_security/saml/acs to the end.

https://<WAZUH_IP_OR_HOSTNAME>/_opendistro/_security/saml/acs

Also make sure to give it an appropriate EntityID name (issuer); you will need it later. A valid option is, for example, wazuh-saml.

Select Post as the Service Provider Binding and move on to the advanced protocol settings.

The last step is to select the previously created Signing Certificate from the dropdown list and leave the rest of the configurations as default for now.

Step 3

Time to create a Property Mapping. This is a custom function that takes group/user data from authentik and provides it to wazuh in a structured way.

We will map a group membership (wazuh-admins) to a backend role for RBAC in wazuh using a property mapping, created under Customization -> Property Mappings.

Name: wazuh property mapping

SAML Attribute Role: Roles

# Runs for the user who is signing in; only members of wazuh-admins get the role value.
if ak_is_group_member(request.user, name="wazuh-admins"):
    yield "wazuh-admin"

Make sure to adjust the provider to include the newly created property mapping in the Advanced protocol settings.
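To check that Steps 2 and 3 produce what wazuh expects, you can inspect a base64 SAMLResponse taken from the browser's POST to the ACS URL. The following is an added example, not part of the original guide or of authentik/wazuh code: the function names and the sample response are constructed for illustration, and it assumes the issuer wazuh-saml and the placeholder host wazuh.company used above.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
ACS_PATH = "/_opendistro/_security/saml/acs"  # ACS suffix from Step 2


def constructed_sample(role):
    """Build a minimal, unsigned response for testing (constructed, not a real capture)."""
    xml = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 Destination="https://wazuh.company{ACS_PATH}">
 <saml:Assertion><saml:Issuer>wazuh-saml</saml:Issuer>
  <saml:AttributeStatement><saml:Attribute Name="Roles">
   <saml:AttributeValue>{role}</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
 </saml:Assertion></samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()


def inspect_response(b64_response, expected_issuer, wazuh_host):
    """Return a list of problems found in a base64 SAMLResponse (empty list = OK).

    Debugging aid only: it does NOT verify the XML signature, so it must
    never be used to make an authentication decision.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    destination = root.get("Destination", "")
    if destination != f"https://{wazuh_host}{ACS_PATH}":
        problems.append(f"unexpected Destination: {destination!r}")
    issuer = root.findtext("saml:Assertion/saml:Issuer", default="", namespaces=NS)
    if issuer != expected_issuer:
        problems.append(f"unexpected Issuer: {issuer!r}")
    # Collect every value of the attribute named in the property mapping.
    roles = [
        value.text
        for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS)
        if attr.get("Name") == "Roles"
        for value in attr.iterfind("saml:AttributeValue", NS)
    ]
    if "wazuh-admin" not in roles:
        problems.append(f"Roles attribute lacks wazuh-admin: {roles}")
    return problems
```

An empty list means the Destination, Issuer and Roles attribute match the values configured in this guide; a user outside wazuh-admins should produce the Roles problem.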

Step 4

Now create an application that uses the newly created provider under Applications -> Applications -> Create.

Name: wazuh

Slug: wazuh

Provider: SAML

Policy Engine: any

Step 5