https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/xsoar-login-error-when-using-aws-load-balancer/m-p/595123#M3538 <P>Anyone with actual experience with XSOAR running in AWS behind an ELB will have more accurate information than I will as I have never run this type of setup.<BR /><BR />Unfortunately, I don't have a concrete answer for you, and you may want to open a ticket with support (PAN, AWS, both?) for assistance with this.</P> <P>&nbsp;</P> <P>I can see from your post that you are using an Elastic Load Balancer (ELB) and not an Application Load Balancer (ALB).&nbsp;<BR />My first guess then is that this could be related to sticky sessions.<BR />Second, it could be that the ELB is not passing the cookie back to XSOAR properly or in the way XSOAR expects to receive it. I know that there is a restriction on ALB's (which you are not using) which prevents using JWT tokens, but that might be a red-herring in your issue.</P> <P>&nbsp;</P> <P>Support will (hopefully) have a better understanding about the authentication methods used by XSOAR and how to troubleshoot to see if this is an AWS issue, an XSOAR issue, or a limitation of the products being used in this way.</P> Fri, 16 Aug 2024 16:11:29 GMT cmcneil 2024-08-16T16:11:29Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/xsoar-login-error-when-using-aws-load-balancer/m-p/595074#M3530 <P>Hello</P> <P>This is AWS environment.<BR />I installed XSOAR 6.12 on Private EC2.<BR />Since it is not accessible from the outside,</P> <P>I created a Public Subnet, connected a Load Balancer, and specified the Private EC2 where XSOAR is installed in the target group.</P> <P>The Load Balancer DNS address uses the default value.<BR />(ex. ***-*****-**-1*********.ap-northeast-2.elb.amazonaws.com)</P> <P>In this state, XSOAR web UI is connected and the Login page appears.<BR />However, when I enter my ID and password to log in,<BR />"Username and password do not match." error occurs on the Web UI screen.</P> <P>At first, I thought I entered the ID/PW incorrectly, but after checking XSOAR's server.log, it was not an ID/PW problem.<BR />The server.log is like this. ===========================================================<BR />2024-08-16 06:02:36.4868 warning CSRF issue for method : POST [error 'http: named cookie not present'] (source: /builds/GOPATH/src/gitlab.xdr.pan.local/xdr/xsoar/server/web/middleware.go:463)<BR />================================================================</P> <P>I don't know what the problem is.<BR />Please help me if you have any advice or know how to solve it.</P> Fri, 16 Aug 2024 06:10:51 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/xsoar-login-error-when-using-aws-load-balancer/m-p/595074#M3530 BaeSoungUk 2024-08-16T06:10:51Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/xsoar-login-error-when-using-aws-load-balancer/m-p/595123#M3538 <P>Anyone with actual experience with XSOAR running in AWS behind an ELB will have more accurate information than I will as I have never run this type of setup.<BR /><BR />Unfortunately, I don't have a concrete answer for you, and you may want to open a ticket with support (PAN, AWS, both?) for assistance with this.</P> <P>&nbsp;</P> <P>I can see from your post that you are using an Elastic Load Balancer (ELB) and not an Application Load Balancer (ALB).&nbsp;<BR />My first guess then is that this could be related to sticky sessions.<BR />Second, it could be that the ELB is not passing the cookie back to XSOAR properly or in the way XSOAR expects to receive it. I know that there is a restriction on ALB's (which you are not using) which prevents using JWT tokens, but that might be a red-herring in your issue.</P> <P>&nbsp;</P> <P>Support will (hopefully) have a better understanding about the authentication methods used by XSOAR and how to troubleshoot to see if this is an AWS issue, an XSOAR issue, or a limitation of the products being used in this way.</P> Fri, 16 Aug 2024 16:11:29 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/xsoar-login-error-when-using-aws-load-balancer/m-p/595123#M3538 cmcneil 2024-08-16T16:11:29Z