Release 4.9.1 - RC 1 - E2E UX tests - SAML SSO #25829

Closed
2 tasks done
juliamagan opened this issue Sep 20, 2024 · 6 comments


juliamagan commented Sep 20, 2024

End-to-End (E2E) Testing Guideline

  • Documentation: Always consult the development documentation for the current stage tag at this link. Be careful because some of the description steps might refer to the current version in production; always navigate using the current development documentation for the stage under test. Also, visit the following pre-release package guide to understand how to modify certain links and URLs for the correct testing of the development packages.
  • Test Requirements: Ensure your test comprehensively includes a full stack and agent/s deployment as per the Deployment requirements, detailing the machine OS, installed version, and revision.
  • Deployment Options: While deployments can be local (using VMs, Vagrant, etc) or on the aws-dev account, opt for local deployments when feasible. For AWS access, coordinate with the DevOps team through this link.
  • External Accounts: If tests require third-party accounts (e.g., GitHub, Azure, AWS, GCP), request the necessary access through the DevOps team here.
  • Alerts: Every test should generate a minimum of one end-to-end alert, from the agent to the dashboard, irrespective of test type.
  • Multi-node Testing: For multi-node wazuh-manager tests, ensure agents are connected to both workers and the master node.
  • Package Verification: Use the pre-release package that matches the current TAG you're testing. Confirm its version and revision.
  • Filebeat Errors: If you encounter errors with Filebeat during testing, refer to this Slack discussion for insights and resolutions.
  • Known Issues: Familiarize yourself with previously reported issues in the Known Issues section. This helps in identifying already recognized errors during testing.
  • Reporting New Issues: Any new errors discovered during testing that aren't listed under Known Issues should be reported. Assign the issue to the corresponding team (QA if unsure), add the Release testing objective and Urgent priority. Communicate these to the team and QA via the c-release Slack channel.
  • Test Conduct: It's imperative to be thorough in your testing, offering enough detail for reviewers. Incomplete tests might necessitate a redo.
  • Documentation Feedback: Encountering documentation gaps, unclear guidelines, or anything that disrupts the testing or UX? Open an issue, especially if it's not listed under Known Issues. Please answer the feedback section, this is a mandatory step.
  • Format: If this is your first time doing this, refer to the format (but not necessarily the content, as it may vary) of previous E2E tests, here you have an example Release 4.3.5 - Release Candidate 1 - E2E UX tests - Wazuh Indexer #13994.
  • Status and completion: Change the issue status within your team project accordingly. Once you finish testing and write the conclusions, move it to Pending review and notify the @wazuh/devel-dashboard team via Slack using the c-release channel. Beware that the reviewers might request additional information or task repetitions.
  • For reviewers: Please move the issue to Pending final review and notify via Slack using the same thread if everything is ok, otherwise, perform an issue update with the requested changes and move it to On hold, increase the review_cycles in the team project by one and notify the issue assignee via Slack using the same thread.

For the conclusions and the issue testing and updates, use the following legend:

Status legend

  • 🟢 All checks passed
  • 🟡 Found a known issue
  • 🔴 Found a new error

Issue delivery and completion

  • Initial delivery: The issue's assignee must complete the testing and deliver the results by Sep 23, 2024 and notify the @wazuh/devel-dashboard team via Slack using the c-release channel
  • Review: The @wazuh/devel-dashboard team will assign a reviewer and add it to the review_assignee field in the project. The reviewer must then review the test steps and results. Ensure that all iteration cycles are completed by Sep 24, 2024 date (issue must be in Pending final review status) and notify the QA team via Slack using the c-release channel.
  • Auditor: The QA team must audit, validate the results, and close the issue by Sep 25, 2024.

Deployment requirements

| Component | Installation | Type | OS |
| --- | --- | --- | --- |
| Indexer | Quickstart | - | CentOS 8 x86_64 |
| Server | Same as indexer, all-in-one | - | - |
| Dashboard | Same as indexer, all-in-one | - | - |
| Agent | Installing Wazuh agents | - | Fedora 39 x86_64 |

Test description

Following the Single sign-on documentation at https://documentation-dev.wazuh.com/v4.9.1-rc1/user-manual/user-administration/single-sign-on/index.html, make a best-effort attempt to complete the steps and test the dashboard login using Okta and Microsoft Entra ID.

Known issues

Conclusions

Summarize the errors detected (Known Issues included). Illustrate using the table below. REMOVE CURRENT EXAMPLES:

| Status | Test | Failure type | Notes |
| --- | --- | --- | --- |
| 🟢 | Quickstart | - | Outdated OS |
| 🟢 | Agent installation | - | - |
| 🟢 | Okta | - | - |
| 🟢 | ME-ID | - | - |

Feedback

We value your feedback. Please provide insights on your testing experience.

  • Was the testing guideline clear? Were there any ambiguities?
    • Yes, it was clear.
  • Did you face any challenges not covered by the guideline?
    • The guide indicates using an outdated OS (CentOS 8); it should be replaced in the future.
  • Suggestions for improvement:
    • No suggestions.

Reviewers validation

The criteria for completing this task is based on the validation of the conclusions and the test results by all reviewers.

All the checkboxes below must be marked in order to close this issue.

@TomasTurina

Environment details

Server installation 🟢
  • OS details:
[root@localhost Desktop]# cat /etc/os-release 
NAME="CentOS Stream"
VERSION="8"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="CentOS Stream 8"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:8"
HOME_URL="https://centos.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_SUPPORT_PRODUCT_VERSION="CentOS Stream"
  • Wazuh installation assistant:
[root@localhost Desktop]# curl -sO https://packages-dev.wazuh.com/4.9/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
23/09/2024 18:01:38 INFO: Starting Wazuh installation assistant. Wazuh version: 4.9.1
23/09/2024 18:01:38 INFO: Verbose logging redirected to /var/log/wazuh-install.log
23/09/2024 18:01:39 INFO: Verifying that your system meets the recommended minimum hardware requirements.
23/09/2024 18:01:39 INFO: Wazuh web interface port will be 443.
23/09/2024 18:01:41 INFO: Wazuh development repository added.
23/09/2024 18:01:41 INFO: --- Configuration files ---
23/09/2024 18:01:41 INFO: Generating configuration files.
23/09/2024 18:01:42 INFO: Generating the root certificate.
23/09/2024 18:01:42 INFO: Generating Admin certificates.
23/09/2024 18:01:42 INFO: Generating Wazuh indexer certificates.
23/09/2024 18:01:43 INFO: Generating Filebeat certificates.
23/09/2024 18:01:43 INFO: Generating Wazuh dashboard certificates.
23/09/2024 18:01:44 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
23/09/2024 18:01:44 INFO: --- Wazuh indexer ---
23/09/2024 18:01:44 INFO: Starting Wazuh indexer installation.
23/09/2024 18:02:44 INFO: Wazuh indexer installation finished.
23/09/2024 18:02:44 INFO: Wazuh indexer post-install configuration finished.
23/09/2024 18:02:44 INFO: Starting service wazuh-indexer.
23/09/2024 18:03:08 INFO: wazuh-indexer service started.
23/09/2024 18:03:08 INFO: Initializing Wazuh indexer cluster security settings.
23/09/2024 18:03:16 INFO: Wazuh indexer cluster security configuration initialized.
23/09/2024 18:03:16 INFO: Wazuh indexer cluster initialized.
23/09/2024 18:03:16 INFO: --- Wazuh server ---
23/09/2024 18:03:16 INFO: Starting the Wazuh manager installation.
23/09/2024 18:05:03 INFO: Wazuh manager installation finished.
23/09/2024 18:05:03 INFO: Wazuh manager vulnerability detection configuration finished.
23/09/2024 18:05:03 INFO: Starting service wazuh-manager.
23/09/2024 18:05:17 INFO: wazuh-manager service started.
23/09/2024 18:05:17 INFO: Starting Filebeat installation.
23/09/2024 18:05:35 INFO: Filebeat installation finished.
23/09/2024 18:05:44 INFO: Filebeat post-install configuration finished.
23/09/2024 18:05:44 INFO: Starting service filebeat.
23/09/2024 18:05:47 INFO: filebeat service started.
23/09/2024 18:05:47 INFO: --- Wazuh dashboard ---
23/09/2024 18:05:47 INFO: Starting Wazuh dashboard installation.
23/09/2024 18:15:19 INFO: Wazuh dashboard installation finished.
23/09/2024 18:15:19 INFO: Wazuh dashboard post-install configuration finished.
23/09/2024 18:15:19 INFO: Starting service wazuh-dashboard.
23/09/2024 18:15:20 INFO: wazuh-dashboard service started.
23/09/2024 18:15:21 INFO: Updating the internal users.
23/09/2024 18:15:32 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
23/09/2024 18:15:55 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
23/09/2024 18:16:49 INFO: Initializing Wazuh dashboard web application.
23/09/2024 18:16:49 INFO: Wazuh dashboard web application not yet initialized. Waiting...
23/09/2024 18:17:05 INFO: Wazuh dashboard web application not yet initialized. Waiting...
23/09/2024 18:17:20 INFO: Wazuh dashboard web application initialized.
23/09/2024 18:17:20 INFO: --- Summary ---
23/09/2024 18:17:20 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: n?*E.EhEgS8.2aBfrAQzz21K0B.6YsQQ
23/09/2024 18:17:20 INFO: Installation finished.
  • Dashboard visual interface:

image

Agent 🟢
  • OS details:
root@fedora:/home/tomas# cat /etc/os-release 
NAME="Fedora Linux"
VERSION="39 (Workstation Edition)"
ID=fedora
VERSION_ID=39
VERSION_CODENAME=""
PLATFORM_ID="platform:f39"
PRETTY_NAME="Fedora Linux 39 (Workstation Edition)"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:39"
DEFAULT_HOSTNAME="fedora"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f39/system-administrators-guide/"
SUPPORT_URL="https://ask.fedoraproject.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=39
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=39
SUPPORT_END=2024-05-14
VARIANT="Workstation Edition"
VARIANT_ID=workstation
  • GPG Key deployment and repository download:
root@fedora:/home/tomas# rpm --import https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
root@fedora:/home/tomas# cat > /etc/yum.repos.d/wazuh.repo << EOF
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-\$releasever - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
EOF
  • Agent install:
root@fedora:/home/tomas# WAZUH_MANAGER="x.x.x.x" yum install wazuh-agent
EL-39 - Wazuh                                   7.1 MB/s |  30 MB     00:04    
Last metadata expiration check: 0:00:12 ago on Mon 23 Sep 2024 07:40:55 PM -03.
Dependencies resolved.
================================================================================
 Package               Architecture     Version           Repository       Size
================================================================================
Installing:
 wazuh-agent           x86_64           4.9.1-1           wazuh            10 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 10 M
Installed size: 31 M
Is this ok [y/N]: y
Downloading Packages:
wazuh-agent-4.9.1-1.x86_64.rpm                  2.7 MB/s |  10 MB     00:03    
--------------------------------------------------------------------------------
Total                                           2.7 MB/s |  10 MB     00:03     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Running scriptlet: wazuh-agent-4.9.1-1.x86_64                             1/1 
  Installing       : wazuh-agent-4.9.1-1.x86_64                             1/1 
  Running scriptlet: wazuh-agent-4.9.1-1.x86_64                             1/1 
  Verifying        : wazuh-agent-4.9.1-1.x86_64                             1/1 

Installed:
  wazuh-agent-4.9.1-1.x86_64                                                    

Complete!
root@fedora:/home/tomas# /var/ossec/bin/wazuh-control start
Starting Wazuh v4.9.1...
Started wazuh-execd...
Started wazuh-agentd...
Started wazuh-syscheckd...
Started wazuh-logcollector...
Started wazuh-modulesd...
Completed.
  • Connection test:
[root@localhost bin]# /var/ossec/bin/agent_control -l

Wazuh agent_control. List of available agents:
   ID: 000, Name: localhost.localdomain (server), IP: 127.0.0.1, Active/Local
   ID: 001, Name: fedora, IP: any, Active

image

Conclusion

The agent has been deployed and connected successfully.


TomasTurina commented Sep 24, 2024

Okta SSO 🟢

Okta configuration 🟢
  • New group creation

image

  • Add user to group

image

  • App creation and configuration

image

image

image

  • App creation summary

image

  • Add app to group

image

Wazuh indexer configuration 🟢
  • /etc/wazuh-indexer/opensearch-security/config.yml configuration
      basic_internal_auth_domain:
        description: "Authenticate via HTTP Basic against internal users database"
        http_enabled: true
        transport_enabled: true
        order: 0
        http_authenticator:
          type: basic
          challenge: false
        authentication_backend:
          type: intern
      saml_auth_domain:
        http_enabled: true
        transport_enabled: false
        order: 1
        http_authenticator:
          type: saml
          challenge: true
          config:
            idp:
              metadata_url: 'https://trial-xxx.okta.com/app/xxx'
              entity_id: 'http://www.okta.com/xxx'
            sp:
              entity_id: wazuh-saml
            kibana_url: https://x.x.x.x
            roles_key: Roles
            exchange_key: 'd61aa4108549f9d56ee7xxx'
        authentication_backend:
          type: noop
  • Security admin script
[root@localhost opensearch-security]# export JAVA_HOME=/usr/share/wazuh-indexer/jdk/ && bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/opensearch-security/config.yml -icl -key /etc/wazuh-indexer/certs/admin-key.pem -cert /etc/wazuh-indexer/certs/admin.pem -cacert /etc/wazuh-indexer/certs/root-ca.pem -h 127.0.0.1 -nhnv
**************************
* This tool will be deprecated in the next major release of OpenSearch *
* https://github.com/opensearch-project/security/issues/1755           *
**************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /etc/wazuh-indexer/opensearch-security
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["config"],"updated_config_size":1,"message":null} is 1 (["config"]) due to: null
Done with success
  • Role mapping
## Default roles mapping

all_access:
  reserved: true
  hidden: false
  backend_roles: 
  - "admin"
  - "e2e-testing-group"
  hosts: []
  users: []
  and_backend_roles: []
  description: "Maps admin to all_access"
  • Security admin script for the role map
[root@localhost opensearch-security]# export JAVA_HOME=/usr/share/wazuh-indexer/jdk/ && bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/opensearch-security/roles_mapping.yml -icl -key /etc/wazuh-indexer/certs/admin-key.pem -cert /etc/wazuh-indexer/certs/admin.pem -cacert /etc/wazuh-indexer/certs/root-ca.pem -h 127.0.0.1 -nhnv
**************************
* This tool will be deprecated in the next major release of OpenSearch *
* https://github.com/opensearch-project/security/issues/1755           *
**************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /etc/wazuh-indexer/opensearch-security
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["rolesmapping"],"updated_config_size":1,"message":null} is 1 (["rolesmapping"]) due to: null
Done with success
Wazuh dashboard configuration 🟢
  • Check host
hosts:
  - default:
      url: https://127.0.0.1
      port: 55000
      username: wazuh-wui
      password: "LbQHkA*8Q0OQgWrJdqDhtDZw7F3+Dpe?"
      run_as: false
  • Edit wazuh dashboard config
opensearch_security.auth.type: "saml"
server.xsrf.allowlist: ["/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/logout", "/_opendistro/_security/saml/acs/idpinitiated"]
opensearch_security.session.keepalive: false
  • Test Okta log in

image

  • Wazuh dashboard after Okta SSO

image

SSO with Admin role 🟢

image

SSO with Read-only role 🟢

All steps are the same as before, except that the role mapping will be done from the dashboard to provide the read-only roles.

image

image

The role mapping was done successfully.

Conclusion

Integration was successful.


TomasTurina commented Sep 24, 2024

Microsoft Entra ID 🟢

ME-ID configuration 🟢
  • App creation

image

  • Add role to manifest
{
    "allowedMemberTypes": [
        "User"
    ],
    "description": "Wazuh role",
    "displayName": "Wazuh_role",
    "id": "xxx",
    "isEnabled": true,
    "origin": "Application",
    "value": "Wazuh_role"
},
  • Assign user to application

image

  • Set up SAML

image

Wazuh indexer configuration 🟢
  • Set up indexer SAML and execute security script
      basic_internal_auth_domain:
        description: "Authenticate via HTTP Basic against internal users database"
        http_enabled: true
        transport_enabled: true
        order: 0
        http_authenticator:
          type: basic
          challenge: false
        authentication_backend:
          type: intern
      saml_auth_domain:
        http_enabled: true
        transport_enabled: false
        order: 1
        http_authenticator:
          type: saml
          challenge: true
          config:
            idp:
              metadata_url: 'https://login.microsoftonline.com/xxx'
              entity_id: 'https://sts.windows.net/xxx'
            sp:
              entity_id: 'wazuh-saml4'
            kibana_url: https://x.x.x.x
            roles_key: Roles
            exchange_key: 'c1ce071xxx'
        authentication_backend:
          type: noop
[root@localhost wazuh-dashboard]# export JAVA_HOME=/usr/share/wazuh-indexer/jdk/ && bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/opensearch-security/config.yml -icl -key /etc/wazuh-indexer/certs/admin-key.pem -cert /etc/wazuh-indexer/certs/admin.pem -cacert /etc/wazuh-indexer/certs/root-ca.pem -h 127.0.0.1 -nhnv
**************************
* This tool will be deprecated in the next major release of OpenSearch *
* https://github.com/opensearch-project/security/issues/1755           *
**************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /etc/wazuh-dashboard
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["config"],"updated_config_size":1,"message":null} is 1 (["config"]) due to: null
Done with success
  • Add role mapping and execute security script to apply changes
## Default roles mapping

all_access:
  reserved: true
  hidden: false
  backend_roles:
  - "admin"
  - "Wazuh_role"
  hosts: []
  users: []
  and_backend_roles: []
  description: "Maps admin to all_access"
[root@localhost wazuh-dashboard]# export JAVA_HOME=/usr/share/wazuh-indexer/jdk/ && bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/opensearch-security/roles_mapping.yml -icl -key /etc/wazuh-indexer/certs/admin-key.pem -cert /etc/wazuh-indexer/certs/admin.pem -cacert /etc/wazuh-indexer/certs/root-ca.pem -h 127.0.0.1 -nhnv
**************************
* This tool will be deprecated in the next major release of OpenSearch *
* https://github.com/opensearch-project/security/issues/1755           *
**************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /etc/wazuh-dashboard
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["rolesmapping"],"updated_config_size":1,"message":null} is 1 (["rolesmapping"]) due to: null
Done with success
Wazuh dashboard configuration 🟢
  • Add SSO config to dashboard config
opensearch_security.auth.type: "saml"
server.xsrf.allowlist: ["/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/logout", "/_opendistro/_security/saml/acs/idpinitiated"]
opensearch_security.session.keepalive: false
  • Test dashboard login

Instant redirection to the Microsoft sign-in URL.

image

SSO with Admin role 🟢
  • Test log-in

image

  • Backend role mapped

image

SSO with Read-only role 🟢

Since all steps are the same as mentioned before, they are only summarized here.

  • ME-ID config

image

  • Indexer
      basic_internal_auth_domain:
        description: "Authenticate via HTTP Basic against internal users database"
        http_enabled: true
        transport_enabled: true
        order: 0
        http_authenticator:
          type: basic
          challenge: false
        authentication_backend:
          type: intern
      saml_auth_domain:
        http_enabled: true
        transport_enabled: false
        order: 1
        http_authenticator:
          type: saml
          challenge: true
          config:
            idp:
              metadata_url: 'https://login.microsoftonline.com/xxx'
              entity_id: 'https://sts.windows.net/xxx'
            sp:
              entity_id: 'wazuh-saml5'
            kibana_url: https://x.x.x.x
            roles_key: Roles
            exchange_key: 'c1ce071c6xxx'
        authentication_backend:
          type: noop
  • Dashboard map and config

image

  • Backend roles

image

Conclusion

Integration was successful.


Desvelao commented Sep 25, 2024

Hi @TomasTurina, reviewing your problem with configuring the SSO with Microsoft Entra ID #25829 (comment), I see a possible syntax error in the configuration of Wazuh indexer, see the ipd that should be idp:
image

Docs: https://documentation-dev.wazuh.com/v4.9.1-rc1/user-manual/user-administration/single-sign-on/administrator/microsoft-entra-id.html#wazuh-indexer-configuration
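A configuration sanity check, as an added example that is not part of this issue or of the Wazuh/OpenSearch code. It encodes the checks a reviewer applies to the config.yml and roles_mapping.yml fragments posted above for Okta and Microsoft Entra ID, including the `ipd`/`idp` key typo flagged in this comment, which YAML accepts silently and which only shows up as a broken login. The inputs are constructed to mirror those fragments with secrets replaced by placeholders; `MIN_EXCHANGE_KEY_LEN` of 32 is an assumption based on the HMAC-SHA256 key size, and all function names are the example's own.

```python
"""Sanity-check an OpenSearch Security SAML authc domain and roles mapping.

Added example; not code from the Wazuh issue or from Wazuh/OpenSearch.
Inputs are constructed to mirror the fragments posted in the thread, with
secrets replaced by placeholders and the 'ipd' typo reproduced on purpose.
"""
import copy
from typing import Dict, List, Set
from urllib.parse import urlparse

# Assumption: exchange_key signs the SAML session token with HMAC-SHA256,
# so anything shorter than 32 characters is treated as weak.
MIN_EXCHANGE_KEY_LEN = 32

# Constructed config.yml authc fragment (the Entra ID one from the thread).
SECURITY_CONFIG_AS_POSTED: Dict = {
    "basic_internal_auth_domain": {
        "http_enabled": True, "transport_enabled": True, "order": 0,
        "http_authenticator": {"type": "basic", "challenge": False},
        "authentication_backend": {"type": "intern"},
    },
    "saml_auth_domain": {
        "http_enabled": True, "transport_enabled": False, "order": 1,
        "http_authenticator": {
            "type": "saml", "challenge": True,
            "config": {
                "ipd": {  # typo for 'idp', as in the reviewed config
                    "metadata_url": "https://login.microsoftonline.com/xxx",
                    "entity_id": "https://sts.windows.net/xxx",
                },
                "sp": {"entity_id": "wazuh-saml4"},
                "kibana_url": "https://x.x.x.x",
                "roles_key": "Roles",
                "exchange_key": "c1ce071xxx",  # redacted placeholder
            },
        },
        "authentication_backend": {"type": "noop"},
    },
}

# Constructed roles_mapping.yml fragment: the IdP app role mapped onto all_access.
ROLES_MAPPING_AS_POSTED: Dict = {
    "all_access": {"reserved": True, "backend_roles": ["admin", "Wazuh_role"]},
}


def check_saml_domain(security_config: Dict) -> List[str]:
    """Return a list of problems; an empty list means the SAML domain looks sane."""
    findings: List[str] = []
    saml = {n: d for n, d in security_config.items()
            if d.get("http_authenticator", {}).get("type") == "saml"}
    if not saml:
        return ["no authc domain with http_authenticator.type: saml"]
    for name, domain in saml.items():
        cfg = domain["http_authenticator"].get("config", {})
        if not domain.get("http_enabled"):
            findings.append(f"{name}: http_enabled is false, the dashboard cannot use this domain")
        if domain.get("authentication_backend", {}).get("type") != "noop":
            findings.append(f"{name}: authentication_backend.type should be noop for SAML")
        idp = cfg.get("idp")
        if idp is None:
            # Catch transposed spellings such as 'ipd' that YAML accepts silently.
            near = [k for k in cfg if sorted(k) == sorted("idp")]
            hint = f" (found {near[0]!r}, probably a typo)" if near else ""
            findings.append(f"{name}: missing config.idp{hint}")
        else:
            for key in ("metadata_url", "entity_id"):
                if not idp.get(key):
                    findings.append(f"{name}: idp.{key} is not set")
            # The metadata carries the IdP signing certificate, so it must not be fetched in clear.
            if idp.get("metadata_url") and urlparse(idp["metadata_url"]).scheme != "https":
                findings.append(f"{name}: idp.metadata_url must be https")
        if not cfg.get("sp", {}).get("entity_id"):
            findings.append(f"{name}: sp.entity_id is not set (must match the IdP audience)")
        if urlparse(cfg.get("kibana_url", "")).scheme != "https":
            findings.append(f"{name}: kibana_url must be the https URL users open the dashboard on")
        if not cfg.get("roles_key"):
            findings.append(f"{name}: roles_key is not set, no backend roles will come from the assertion")
        if len(cfg.get("exchange_key", "")) < MIN_EXCHANGE_KEY_LEN:
            findings.append(f"{name}: exchange_key shorter than {MIN_EXCHANGE_KEY_LEN} characters")
    # A basic domain that still challenges pops a browser Basic-auth prompt before SAML runs.
    for name, domain in security_config.items():
        auth = domain.get("http_authenticator", {})
        if auth.get("type") == "basic" and auth.get("challenge", True):
            findings.append(f"{name}: challenge must be false when a SAML domain is enabled")
    return findings


def check_roles_mapping(roles_mapping: Dict, idp_roles: Set[str]) -> List[str]:
    """Flag IdP-supplied backend roles that land on all_access (full admin)."""
    findings: List[str] = []
    for role, mapping in roles_mapping.items():
        external = sorted(r for r in mapping.get("backend_roles", []) if r in idp_roles)
        if role == "all_access" and external:
            findings.append(f"IdP roles {external} map to all_access; use a read-only "
                            "or scoped role for users who do not need full admin")
    return findings


def corrected_config() -> Dict:
    """The posted config with 'ipd' renamed to 'idp' and a 32-character placeholder key."""
    fixed = copy.deepcopy(SECURITY_CONFIG_AS_POSTED)
    cfg = fixed["saml_auth_domain"]["http_authenticator"]["config"]
    cfg["idp"] = cfg.pop("ipd")
    cfg["exchange_key"] = "0123456789abcdef0123456789abcdef"  # constructed placeholder
    return fixed


if __name__ == "__main__":
    for label, conf in (("as posted", SECURITY_CONFIG_AS_POSTED), ("corrected", corrected_config())):
        print(label, check_saml_domain(conf) or ["ok"])
    print(check_roles_mapping(ROLES_MAPPING_AS_POSTED, {"Wazuh_role", "e2e-testing-group"}))
```

Run it before `securityadmin.sh` pushes the file: the typo check reports the `ipd` key together with the short placeholder key, and the corrected config comes back clean. The roles-mapping check is the least-privilege caveat behind the read-only test above: a group or app role that the IdP controls and that lands on `all_access` makes every member a full indexer administrator.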

@TomasTurina

Hi @Desvelao, I've managed to fix this, thanks. I'll update my previous comment.

@asteriscos

Hi @TomasTurina, the test looks good. 🟢

@rauldpm rauldpm closed this as completed Sep 25, 2024