EntraID no Button showing up and error message in documented OpenIDConnectStrategy #10114

Open
bjoern-js opened this issue Feb 28, 2025 · 0 comments
Labels: bug (use for describing something not working as expected), needs triage (use to identify issue needing triage from Filigran Product team)

Comments

@bjoern-js

Description

When using the authentication strategy OpenIDConnectStrategy, the sign-in button does not show up underneath the form. When opening the "/auth/oic/callback" path on the deployed CTI website, the following response is given:

{"status":"error","error":"Error: Unknown authentication strategy \"oic\"\n    at attempt (/opt/opencti/build/node_modules/passport/lib/middleware/authenticate.js:193:39)\n    at authenticate (/opt/opencti/build/node_modules/passport/lib/middleware/authenticate.js:180:6)\n    at /opt/opencti/build/src/http/httpPlatform.js:429:8\n    at new Promise (<anonymous>)\n    at callbackLogin (/opt/opencti/build/src/http/httpPlatform.js:422:33)\n    at fn (/opt/opencti/build/src/http/httpPlatform.js:433:28)\n    at Rge.handle [as handle_request] (/opt/opencti/build/node_modules/express/lib/router/layer.js:95:5)\n    at next (/opt/opencti/build/node_modules/express/lib/router/route.js:149:13)\n    at fn (/opt/opencti/build/node_modules/body-parser/lib/types/urlencoded.js:94:7)\n    at Rge.handle [as handle_request] (/opt/opencti/build/node_modules/express/lib/router/layer.js:95:5)\n    at next (/opt/opencti/build/node_modules/express/lib/router/route.js:149:13)\n    at next (/opt/opencti/build/node_modules/express/lib/router/route.js:145:7)\n    at next (/opt/opencti/build/node_modules/express/lib/router/route.js:145:7)\n    at next (/opt/opencti/build/node_modules/express/lib/router/route.js:145:7)\n    at next (/opt/opencti/build/node_modules/express/lib/router/route.js:145:7)\n    at next (/opt/opencti/build/node_modules/express/lib/router/route.js:145:7)\n    at next (/opt/opencti/build/node_modules/express/lib/router/route.js:145:7)\n    at next (/opt/opencti/build/node_modules/express/lib/router/route.js:145:7)\n    at next (/opt/opencti/build/node_modules/express/lib/router/route.js:145:7)\n    at next (/opt/opencti/build/node_modules/express/lib/router/route.js:145:7)\n    at next (/opt/opencti/build/node_modules/express/lib/router/route.js:145:7)\n    at u (/opt/opencti/build/node_modules/express/lib/router/route.js:145:7)"}

Environment

  1. OS (where OpenCTI server runs): Docker - image: opencti/platform:6.5.3
  2. OpenCTI version: 6.5.3
  3. OpenCTI client: frontend
  4. Other environment details:

2 Docker Files:
docker-compose.yml

services:
  redis:
    image: redis:7.4.2
    restart: always
    volumes:
      - redisdata:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 3
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.17.2
    volumes:
      - esdata:/usr/share/elasticsearch/data
    environment:
      # Comment-out the line below for a cluster of multiple nodes
      - discovery.type=single-node
      # Uncomment the line below for a cluster of multiple nodes
      # - cluster.name=docker-cluster
      - xpack.ml.enabled=false
      - xpack.security.enabled=false
      - thread_pool.search.queue_size=5000
      - logger.org.elasticsearch.discovery="ERROR"
      - "ES_JAVA_OPTS=-Xms${ELASTIC_MEMORY_SIZE} -Xmx${ELASTIC_MEMORY_SIZE}"
    restart: always
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    healthcheck:
      test: curl -s http://elasticsearch:9200 >/dev/null || exit 1
      interval: 30s
      timeout: 10s
      retries: 50
  minio:
    image: minio/minio:RELEASE.2024-05-28T17-19-04Z # Use "minio/minio:RELEASE.2024-05-28T17-19-04Z-cpuv1" to troubleshoot compatibility issues with CPU
    volumes:
      - s3data:/data
    ports:
      - "9000:9000"
    environment:
      MINIO_ROOT_USER: ${MINIO_ROOT_USER}
      MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}    
    command: server /data
    restart: always
    healthcheck:
      test: ["CMD", "mc", "ready", "local"]
      interval: 10s
      timeout: 5s
      retries: 3
  rabbitmq:
    image: rabbitmq:4.0-management
    environment:
      - RABBITMQ_DEFAULT_USER=${RABBITMQ_DEFAULT_USER}
      - RABBITMQ_DEFAULT_PASS=${RABBITMQ_DEFAULT_PASS}
      - RABBITMQ_NODENAME=rabbit01@localhost
    volumes:
      - amqpdata:/var/lib/rabbitmq
    restart: always
    healthcheck:
      test: rabbitmq-diagnostics -q ping
      interval: 30s
      timeout: 30s
      retries: 3
  opencti:
    image: opencti/platform:6.5.3
    environment:
      - NODE_OPTIONS=--max-old-space-size=8096
      - APP__PORT=8080
      - APP__BASE_URL=${OPENCTI_BASE_URL}
      - APP__ADMIN__EMAIL=${OPENCTI_ADMIN_EMAIL}
      - APP__ADMIN__PASSWORD=${OPENCTI_ADMIN_PASSWORD}
      - APP__ADMIN__TOKEN=${OPENCTI_ADMIN_TOKEN}
      - APP__APP_LOGS__LOGS_LEVEL=error
      - REDIS__HOSTNAME=redis
      - REDIS__PORT=6379
      - ELASTICSEARCH__URL=http://elasticsearch:9200
      - ELASTICSEARCH__NUMBER_OF_REPLICAS=0
      - MINIO__ENDPOINT=minio
      - MINIO__PORT=9000
      - MINIO__USE_SSL=false
      - MINIO__ACCESS_KEY=${MINIO_ROOT_USER}
      - MINIO__SECRET_KEY=${MINIO_ROOT_PASSWORD}
      - RABBITMQ__HOSTNAME=rabbitmq
      - RABBITMQ__PORT=5672
      - RABBITMQ__PORT_MANAGEMENT=15672
      - RABBITMQ__MANAGEMENT_SSL=false
      - RABBITMQ__USERNAME=${RABBITMQ_DEFAULT_USER}
      - RABBITMQ__PASSWORD=${RABBITMQ_DEFAULT_PASS}
      - SMTP__HOSTNAME=${SMTP_HOSTNAME}
      - SMTP__PORT=25
      - PROVIDERS__LOCAL__STRATEGY=LocalStrategy
      - APP__HEALTH_ACCESS_KEY=${OPENCTI_HEALTHCHECK_ACCESS_KEY}
    ports:
      - "8080:8080"
    depends_on:
      redis:
        condition: service_healthy
      elasticsearch:
        condition: service_healthy
      minio:
        condition: service_healthy
      rabbitmq:
        condition: service_healthy
    restart: always
    healthcheck:
      test:  ["CMD", "wget", "-qO-", "http://opencti:8080/health?health_access_key=${OPENCTI_HEALTHCHECK_ACCESS_KEY}"]
      interval: 10s
      timeout: 5s
      retries: 20
  worker:
    image: opencti/worker:6.5.3
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - WORKER_LOG_LEVEL=info
    depends_on:
      opencti:
        condition: service_healthy
    deploy:
      mode: replicated
      replicas: 3
    restart: always
  connector-export-file-stix:
    image: opencti/connector-export-file-stix:6.5.3
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - CONNECTOR_ID=${CONNECTOR_EXPORT_FILE_STIX_ID} # Valid UUIDv4
      - CONNECTOR_TYPE=INTERNAL_EXPORT_FILE
      - CONNECTOR_NAME=ExportFileStix2
      - CONNECTOR_SCOPE=application/json
      - CONNECTOR_LOG_LEVEL=info
    restart: always
    depends_on:
      opencti:
        condition: service_healthy
  connector-export-file-csv:
    image: opencti/connector-export-file-csv:6.5.3
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - CONNECTOR_ID=${CONNECTOR_EXPORT_FILE_CSV_ID} # Valid UUIDv4
      - CONNECTOR_TYPE=INTERNAL_EXPORT_FILE
      - CONNECTOR_NAME=ExportFileCsv
      - CONNECTOR_SCOPE=text/csv
      - CONNECTOR_LOG_LEVEL=info
    restart: always
    depends_on:
      opencti:
        condition: service_healthy
  connector-export-file-txt:
    image: opencti/connector-export-file-txt:6.5.3
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - CONNECTOR_ID=${CONNECTOR_EXPORT_FILE_TXT_ID} # Valid UUIDv4
      - CONNECTOR_TYPE=INTERNAL_EXPORT_FILE
      - CONNECTOR_NAME=ExportFileTxt
      - CONNECTOR_SCOPE=text/plain
      - CONNECTOR_LOG_LEVEL=info
    restart: always
    depends_on:
      opencti:
        condition: service_healthy
  connector-import-file-stix:
    image: opencti/connector-import-file-stix:6.5.3
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - CONNECTOR_ID=${CONNECTOR_IMPORT_FILE_STIX_ID} # Valid UUIDv4
      - CONNECTOR_TYPE=INTERNAL_IMPORT_FILE
      - CONNECTOR_NAME=ImportFileStix
      - CONNECTOR_VALIDATE_BEFORE_IMPORT=true # Validate any bundle before import
      - CONNECTOR_SCOPE=application/json,text/xml
      - CONNECTOR_AUTO=true # Enable/disable auto-import of file
      - CONNECTOR_LOG_LEVEL=info
    restart: always
    depends_on:
      opencti:
        condition: service_healthy
  connector-import-document:
    image: opencti/connector-import-document:6.5.3
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - CONNECTOR_ID=${CONNECTOR_IMPORT_DOCUMENT_ID} # Valid UUIDv4
      - CONNECTOR_TYPE=INTERNAL_IMPORT_FILE
      - CONNECTOR_NAME=ImportDocument
      - CONNECTOR_VALIDATE_BEFORE_IMPORT=true # Validate any bundle before import
      - CONNECTOR_SCOPE=application/pdf,text/plain,text/html
      - CONNECTOR_AUTO=true # Enable/disable auto-import of file
      - CONNECTOR_ONLY_CONTEXTUAL=false # Only extract data related to an entity (a report, a threat actor, etc.)
      - CONNECTOR_CONFIDENCE_LEVEL=15 # From 0 (Unknown) to 100 (Fully trusted)
      - CONNECTOR_LOG_LEVEL=info
      - IMPORT_DOCUMENT_CREATE_INDICATOR=true
    restart: always
    depends_on:
      opencti:
        condition: service_healthy
  connector-analysis:
    image: opencti/connector-import-document:6.5.3
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
      - CONNECTOR_ID=${CONNECTOR_ANALYSIS_ID} # Valid UUIDv4
      - CONNECTOR_TYPE=INTERNAL_ANALYSIS
      - CONNECTOR_NAME=ImportDocumentAnalysis
      - CONNECTOR_VALIDATE_BEFORE_IMPORT=false # Validate any bundle before import
      - CONNECTOR_SCOPE=application/pdf,text/plain,text/html
      - CONNECTOR_AUTO=true # Enable/disable auto-import of file
      - CONNECTOR_ONLY_CONTEXTUAL=false # Only extract data related to an entity (a report, a threat actor, etc.)
      - CONNECTOR_CONFIDENCE_LEVEL=15 # From 0 (Unknown) to 100 (Fully trusted)
      - CONNECTOR_LOG_LEVEL=info
    restart: always
    depends_on:
      opencti:
        condition: service_healthy

volumes:
  esdata:
  s3data:
  redisdata:
  amqpdata:


docker-compose-extras.yml

services:
  opencti:
    ports: []
    environment:
      - PROVIDERS__OPENID__STRATEGY=OpenIDConnectStrategy 
      - PROVIDERS__OPENID__CONFIG__LABEL="Login with Microsoft"
      - PROVIDERS__OPENID__CONFIG__ISSUER=${PROVIDERS__OPENID__CONFIG__ISSUER}
      - PROVIDERS__OPENID__CONFIG__CLIENT_ID=${PROVIDERS__OPENID__CONFIG__CLIENT_ID}
      - PROVIDERS__OPENID__CONFIG__CLIENT_SECRET=${PROVIDERS__OPENID__CONFIG__CLIENT_SECRET}
      - PROVIDERS__OPENID__CONFIG__REDIRECT_URIS=["https://[REDACTED]/auth/oic/callback"]
      - PROVIDERS__OPENID__CONFIG__LOGOUT_REMOTE=false
    networks:
      - REDACTED
      - default

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Open Login window of OpenCTI

Expected Output

Show Login Button and initiate Login with Microsoft EntraID

Actual Output

No Login Button

Additional information

.env file includes:
PROVIDERS__OPENID__CONFIG__ISSUER=https://login.microsoftonline.com/[CLIENT ID]/v2.0
PROVIDERS__OPENID__CONFIG__CLIENT_ID=[CLIENT ID]
PROVIDERS__OPENID__CONFIG__CLIENT_SECRET=[SECRET VALUE]

bjoern-js added the bug and needs triage labels Feb 28, 2025
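
An added example, not part of the original report and not OpenCTI code: an offline preflight check for `PROVIDERS__OPENID__CONFIG__*` values like those in the report, compared against an OpenID Connect discovery document. The function name, sample host, tenant GUID and secret are constructed placeholders; only the `/auth/oic/callback` path and the variable names come from the report.

```javascript
// Added example: offline preflight for the PROVIDERS__OPENID__* values.
// CALLBACK_PATH comes from the report; everything else is hypothetical.
const CALLBACK_PATH = "/auth/oic/callback";

// Compose's list form (- KEY="value") passes the quote characters through.
const hasLiteralQuotes = (v) => /^(["']).*\1$/.test(v.trim());

function checkOpenIdEnv(env, discoveryDoc) {
  const findings = [];
  const get = (k) => env[`PROVIDERS__OPENID__CONFIG__${k}`] ?? "";

  for (const k of ["LABEL", "ISSUER", "CLIENT_ID", "CLIENT_SECRET"]) {
    if (hasLiteralQuotes(get(k))) findings.push(`${k}: value contains literal quotes`);
  }

  // OpenID Connect Discovery 1.0: the "issuer" in the metadata must be
  // identical to the issuer URL the client was configured with.
  const issuer = get("ISSUER").trim();
  if (discoveryDoc.issuer !== issuer) {
    findings.push(`ISSUER: configured "${issuer}" != discovered "${discoveryDoc.issuer}"`);
  }

  // The report passes REDIRECT_URIS as a JSON array string.
  let uris = null;
  try { uris = JSON.parse(get("REDIRECT_URIS")); } catch { /* reported below */ }
  if (!Array.isArray(uris) || uris.length === 0) {
    findings.push("REDIRECT_URIS: not a non-empty JSON array");
  } else {
    for (const u of uris) {
      let url;
      try { url = new URL(u); } catch { findings.push(`REDIRECT_URIS: invalid URL ${u}`); continue; }
      if (url.protocol !== "https:") findings.push(`REDIRECT_URIS: ${u} is not https`);
      if (url.pathname !== CALLBACK_PATH) findings.push(`REDIRECT_URIS: ${u} does not end in ${CALLBACK_PATH}`);
    }
  }
  return findings;
}

// Constructed sample values (placeholder tenant GUID and host).
const TENANT = "00000000-0000-0000-0000-000000000000";
const sampleDiscovery = { issuer: `https://login.microsoftonline.com/${TENANT}/v2.0` };
const sampleEnv = {
  PROVIDERS__OPENID__CONFIG__LABEL: '"Login with Microsoft"',
  PROVIDERS__OPENID__CONFIG__ISSUER: `https://login.microsoftonline.com/${TENANT}/v2.0/`,
  PROVIDERS__OPENID__CONFIG__CLIENT_ID: "11111111-1111-1111-1111-111111111111",
  PROVIDERS__OPENID__CONFIG__CLIENT_SECRET: "constructed-secret",
  PROVIDERS__OPENID__CONFIG__REDIRECT_URIS: '["http://cti.example.test/auth/oic/callback"]',
};
console.log(checkOpenIdEnv(sampleEnv, sampleDiscovery));
```

In practice `discoveryDoc` would be the JSON served at `<issuer>/.well-known/openid-configuration`, and `env` the container's effective environment.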