Skip to content
This repository has been archived by the owner on Dec 14, 2024. It is now read-only.

Authentication process and credential encryption issues #334

Open
jolszewski21 opened this issue Jul 18, 2024 · 1 comment
Open

Authentication process and credential encryption issues #334

jolszewski21 opened this issue Jul 18, 2024 · 1 comment
Labels
bug

Comments

@jolszewski21
Copy link

jolszewski21 commented Jul 18, 2024
edited
Loading

Describe the bug

We are experiencing issues with authentication process, which result in the following errors:

  1. "splunklib.binding.AuthenticationError: Autologin succeeded, but there was an auth error on the next request. Something is very wrong."
  2. "splunklib.binding.HTTPError: HTTP 401 Unauthorized -- b'{"messages":[{"type":"WARN","text":"call not properly authenticated"}]}'"

Additionally, App fails to encrypt the credentials set within them.

  • Used Cortex XDR credentials are correct and tested by different methods. *

Expected behavior

Getting data from Cortex XDR

Current behavior

Failing at the authentication level.

Your Environment

Oracle Linux Server release 9.1
Splunk Single Instance - Version 9.2.2
App version - 8.1.1
@jolszewski21
Copy link
Author

Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/splunk_ta_paloalto/aob_py3/modinput_wrapper/base_modinput.py", line 113, in stream_events
self.parse_input_args(input_definition)
File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/splunk_ta_paloalto/aob_py3/modinput_wrapper/base_modinput.py", line 154, in parse_input_args
self._parse_input_args_from_global_config(inputs)
File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/splunk_ta_paloalto/aob_py3/modinput_wrapper/base_modinput.py", line 173, in _parse_input_args_from_g
lobal_config
ucc_inputs = global_config.inputs.load(input_type=self.input_type)
File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/splunk_ta_paloalto/aob_py3/splunktaucclib/global_config/configuration.py", line 272, in load
self._references = Configs(self._splunkd_client, self._schema).load()
File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/splunk_ta_paloalto/aob_py3/splunktaucclib/global_config/configuration.py", line 345, in load
config_entities = self._load_endpoint(config["name"], config["entity"])
File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/splunk_ta_paloalto/aob_py3/splunktaucclib/global_config/configuration.py", line 189, in _load_endpoi
nt
RestHandler.path_segment(self._endpoint_path(name)), **query
File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/splunk_ta_paloalto/aob_py3/splunklib/binding.py", line 299, in wrapper
return request_fun(self, *args, **kwargs)
File "/opt/splunk/lib/python3.7/contextlib.py", line 130, in exit
self.gen.throw(type, value, traceback)
File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/splunk_ta_paloalto/aob_py3/splunklib/binding.py", line 233, in _handle_auth_error
raise AuthenticationError(msg, he)
splunklib.binding.AuthenticationError: Autologin succeeded, but there was an auth error on next request. Something is very wrong.

2024-07-31 13:44:01,249 ERROR pid=1172289 tid=MainThread file=base_modinput.py:log_error:309 | Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/splunk_ta_paloalto/aob_py3/splunklib/binding.py", line 288, in wrapper
return request_fun(self, *args, **kwargs)
File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/splunk_ta_paloalto/aob_py3/splunklib/binding.py", line 69, in new_f
val = f(*args, **kwargs)
File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/splunk_ta_paloalto/aob_py3/splunklib/binding.py", line 684, in get
response = self.http.get(path, all_headers, **query)
File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/splunk_ta_paloalto/aob_py3/splunklib/binding.py", line 1197, in get
return self.request(url, { 'method': "GET", 'headers': headers })
File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/splunk_ta_paloalto/aob_py3/splunklib/binding.py", line 1260, in request
raise HTTPError(response)
splunklib.binding.HTTPError: HTTP 401 Unauthorized -- b'{"messages":[{"type":"WARN","text":"call not properly authenticated"}]}'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/splunk_ta_paloalto/aob_py3/splunklib/binding.py", line 230, in _handle_auth_error
yield
File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/splunk_ta_paloalto/aob_py3/splunklib/binding.py", line 299, in wrapper
return request_fun(self, *args, **kwargs)
File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/splunk_ta_paloalto/aob_py3/splunklib/binding.py", line 69, in new_f
val = f(*args, **kwargs)
File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/splunk_ta_paloalto/aob_py3/splunklib/binding.py", line 684, in get
response = self.http.get(path, all_headers, **query)
File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/splunk_ta_paloalto/aob_py3/splunklib/binding.py", line 1197, in get
return self.request(url, { 'method': "GET", 'headers': headers })
File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/splunk_ta_paloalto/aob_py3/splunklib/binding.py", line 1260, in request
raise HTTPError(response)
splunklib.binding.HTTPError: HTTP 401 Unauthorized -- b'{"messages":[{"type":"WARN","text":"call not properly authenticated"}]}'

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jolszewski21