XSOAR Login error when using aws load balancer

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

XSOAR Login error when using aws load balancer

L0 Member

Hello

This is AWS environment.
I installed XSOAR 6.12 on Private EC2.
Since it is not accessible from the outside,

I created a Public Subnet, connected a Load Balancer, and specified the Private EC2 where XSOAR is installed in the target group.

The Load Balancer DNS address uses the default value.
(ex. ***-*****-**-1*********.ap-northeast-2.elb.amazonaws.com)

In this state, XSOAR web UI is connected and the Login page appears.
However, when I enter my ID and password to log in,
"Username and password do not match." error occurs on the Web UI screen.

At first, I thought I entered the ID/PW incorrectly, but after checking XSOAR's server.log, it was not an ID/PW problem.
The server.log is like this. ===========================================================
2024-08-16 06:02:36.4868 warning CSRF issue for method : POST [error 'http: named cookie not present'] (source: /builds/GOPATH/src/gitlab.xdr.pan.local/xdr/xsoar/server/web/middleware.go:463)
================================================================

I don't know what the problem is.
Please help me if you have any advice or know how to solve it.

1 REPLY 1

L2 Linker

Anyone with actual experience with XSOAR running in AWS behind an ELB will have more accurate information than I will as I have never run this type of setup.

Unfortunately, I don't have a concrete answer for you, and you may want to open a ticket with support (PAN, AWS, both?) for assistance with this.

 

I can see from your post that you are using an Elastic Load Balancer (ELB) and not an Application Load Balancer (ALB). 
My first guess then is that this could be related to sticky sessions.
Second, it could be that the ELB is not passing the cookie back to XSOAR properly or in the way XSOAR expects to receive it. I know that there is a restriction on ALB's (which you are not using) which prevents using JWT tokens, but that might be a red-herring in your issue.

 

Support will (hopefully) have a better understanding about the authentication methods used by XSOAR and how to troubleshoot to see if this is an AWS issue, an XSOAR issue, or a limitation of the products being used in this way.

  • 320 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!