
OpenCTI and SSO (Single Sign On)

Feb 10, 2021

Professional authentication should not be an extra cost.

OpenCTI is an open source Cyber Threat Intelligence platform (TIP) intended for any public or private organization that needs to structure its cyber threat intelligence knowledge. This means the platform must provide users with enterprise-grade features such as Role-Based Access Control, Single Sign On, data/knowledge segregation by group of users, etc.

OpenCTI Custom Dashboard

Along our journey to build the most advanced TIP, one of the challenges we have faced is offering seamless integration with all kinds of authentication systems. For this reason, we have implemented various strategies to cover the most common authentication and Single Sign On mechanisms, with the ability to mix and prioritize those strategies. If the authentication system of your organization is not listed below, it could easily be added to the product (please open an issue on GitHub).

Complete authentication and SSO support

Many products on the market have chosen to support SSO in paid offers or an “enterprise package”. We strongly believe that security features such as authentication, encryption or RBAC capabilities should never be an extra cost, even for proprietary software.

Here is the list of current strategies supported by OpenCTI:

  • Local: built-in user management system with login and hashed passwords.
  • LDAP: any implementation including Active Directory support.
  • Generic OpenID: a safer and faster way to authenticate on web applications.
  • Auth0: a popular enterprise-grade authentication system.
  • Most common identity providers such as Google, Facebook and GitHub.

Filigran and Citeum Collective SSO

OpenCTI is developed by Filigran.

In the context of the Citeum membership, we have decided to set up a single federation of identities for all organizations under the Citeum umbrella. This system provides Luatix users with a unified way to authenticate on all products and applications. For instance, we have configured the OpenCTI demonstration instance, the OpenBAS demonstration instance and the Citeum transparency space to use the Citeum Collective OpenID provider (based on Keycloak).

Thanks to this approach, all users can use social or built-in user accounts to authenticate to all applications and preserve their security across all Luatix products.

Citeum Collective login page

This unified authentication space also provides users with out-of-the-box security features such as:

  • The two-factor authentication using FreeOTP or Google Authenticator.
  • The identity federation to merge social accounts or multiple email addresses into one single account.
  • The management of open sessions and authorized applications.

Here is an example of our OpenID strategy configuration for the OpenCTI demonstration instance:

"openid": {
    "strategy": "OpenIDConnectStrategy",
    "config": {
        "label": "Login with Citeum Collective",
        "issuer": "https://auth.citeum.org/auth/realms/citeum",
        "client_id": "changeMe",
        "client_secret": "changeMe",
        "callback_url": "https://demo.opencti.io/auth/oic/callback"
    }
}
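
A pre-deployment check for a provider block like the one above, as an added example that is not part of OpenCTI or of the original post. The names `lintOpenIdProvider`, `httpsUrl` and `PLACEHOLDERS` are hypothetical; only the configuration keys come from the page.

```javascript
// Added example: lint an "openid" provider block before deploying it.
// lintOpenIdProvider, httpsUrl and PLACEHOLDERS are hypothetical, not OpenCTI APIs.
const PLACEHOLDERS = new Set(["", "changeme"]);

function httpsUrl(value, field, findings) {
  let url;
  try { url = new URL(value); } catch {
    findings.push(`${field}: not a valid URL`);
    return null;
  }
  if (url.protocol !== "https:") findings.push(`${field}: must use https`);
  return url;
}

function lintOpenIdProvider(provider) {
  const findings = [];
  const p = provider || {};
  const cfg = p.config || {};
  if (p.strategy !== "OpenIDConnectStrategy") findings.push("strategy: expected OpenIDConnectStrategy");
  for (const field of ["client_id", "client_secret"]) {
    const value = String(cfg[field] ?? "").trim().toLowerCase();
    if (PLACEHOLDERS.has(value)) findings.push(`${field}: placeholder or empty value`);
  }
  const issuer = httpsUrl(cfg.issuer, "issuer", findings);
  // OpenID Connect Discovery: the issuer carries no query or fragment.
  if (issuer && (issuer.search || issuer.hash)) findings.push("issuer: must not contain a query or fragment");
  const callback = httpsUrl(cfg.callback_url, "callback_url", findings);
  // OAuth 2.0 (RFC 6749, section 3.1.2): redirect URIs carry no fragment.
  if (callback && callback.hash) findings.push("callback_url: must not contain a fragment");
  // Where the provider publishes its metadata, for a manual reachability check.
  const discovery = issuer
    ? issuer.origin + issuer.pathname.replace(/\/$/, "") + "/.well-known/openid-configuration"
    : null;
  return { findings, discovery };
}

// The configuration shown above, with its "changeMe" placeholders left in.
const pageSample = {
  strategy: "OpenIDConnectStrategy",
  config: {
    label: "Login with Citeum Collective",
    issuer: "https://auth.citeum.org/auth/realms/citeum",
    client_id: "changeMe",
    client_secret: "changeMe",
    callback_url: "https://demo.opencti.io/auth/oic/callback",
  },
};
console.log(lintOpenIdProvider(pageSample));
```

Run against the sample, it reports the two `changeMe` values that must be replaced with the client credentials issued by the identity provider.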

Enjoy Security!
