Graylog nginx subdirectory SSO


#1

hello
I have a problem when i try to have a SSO between nginx 1.10.3 and graylog 2.5.0
this is my configuration for nginx: /etc/nginx/sites-available/reverseProxy

location / {
auth_basic “Restricted Access”;
auth_basic_user_file “/etc/nginx/.htpasswd”;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
}

    location /graylog {
            auth_basic "Restricted Access";

            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header Remote-User $remote_user;
            #proxy_set_header X-Forwarded-User $remote_user;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Graylog-Server-URL http://1.0.0.10/graylog/api;
            proxy_set_header X-Requested-By $remote_addr;

            proxy_pass       http://1.15.15.15:9001/graylog;
            
    }

and my configuration for grafana : /etc/graylog/server/server.conf
rest_listen_uri = http://1.15.15.15:9001/graylog/api
web_listen_uri = http://1.15.15.15:9001/graylog

the problem is, when i log on with internet explorer the SSO work perfectly, but when i try to log on with mozilla firefox or chrome, I am authenticated with the user “undefined” and i don’t know why ??

and this is the log of graylog i found:
2019-02-01T12:54:18.678+01:00 DEBUG [ModularRealmAuthenticator] Realm [org.graylog.plugins.auth.sso.SsoAuthRealm@534ef0b4] does not support token org.apache.shiro.auhc.UsernamePasswordToken - XXXXX, rememberMe=false (192.168.30.126). Skipping realm.

but i don’t know how to solve this issue, how can i disable: org.apache.shiro.auhc.UsernamePasswordToken

please help me…

  • Graylog Version: 2.5.0
  • Plugin Version: 2.5.0
  • Nginx: 1.10.3
  • Elasticsearch: 6.5.3
  • MongoDB Version: 4.0.4
  • Operating System: debian 9.6
  • Browser version: mozilla 64.4.0.2

thank very much for your help::grinning:


(Jan Doberstein) #2

what version of the plugin did you use?


#3

the version is 2.5.0:
graylog-plugin-auth-sso-2.5.0.jar


(system) closed #4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.