Graylog nginx subdirectory SSO

I have a problem when i try to have a SSO between nginx 1.10.3 and graylog 2.5.0
this is my configuration for nginx: /etc/nginx/sites-available/reverseProxy

location / {
auth_basic “Restricted Access”;
auth_basic_user_file “/etc/nginx/.htpasswd”;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;

    location /graylog {
            auth_basic "Restricted Access";

            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header Remote-User $remote_user;
            #proxy_set_header X-Forwarded-User $remote_user;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Graylog-Server-URL;
            proxy_set_header X-Requested-By $remote_addr;


and my configuration for grafana : /etc/graylog/server/server.conf
rest_listen_uri =
web_listen_uri =

the problem is, when i log on with internet explorer the SSO work perfectly, but when i try to log on with mozilla firefox or chrome, I am authenticated with the user “undefined” and i don’t know why ??

and this is the log of graylog i found:
2019-02-01T12:54:18.678+01:00 DEBUG [ModularRealmAuthenticator] Realm [org.graylog.plugins.auth.sso.SsoAuthRealm@534ef0b4] does not support token org.apache.shiro.auhc.UsernamePasswordToken - XXXXX, rememberMe=false ( Skipping realm.

but i don’t know how to solve this issue, how can i disable: org.apache.shiro.auhc.UsernamePasswordToken

please help me…

  • Graylog Version: 2.5.0
  • Plugin Version: 2.5.0
  • Nginx: 1.10.3
  • Elasticsearch: 6.5.3
  • MongoDB Version: 4.0.4
  • Operating System: debian 9.6
  • Browser version: mozilla

thank very much for your help::grinning:

what version of the plugin did you use?

the version is 2.5.0:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.