HTTP Header Authentication + Logout

Description of your problem

When using header authentication in Graylog, logouts are not possible. The page merely reloads and the user is logged back in.

Description of steps you’ve taken to attempt to solve the issue

I’ve noticed the user merely gets directed to /. There is no specific logout url. I can see there is a DELETE call to /api/system/sessions/X.
Since I’m using nginx, I’ve added a section into my reverse proxy configuration that adds some javascript using ngx_http_sub_module which performs a proper logoff. This works, but is a bit of a hack.

Environmental information

Graylog 4.1.6

Operating system information


I am curious if anybody else has solved this issue or found a workaround for it? Including a configuration option linked to trusted headers like logout_redirect_url (which would redirect the user to a logout page after clicking logout) would be useful.

Hello && Welcome

I haven’t used Trusted Header Authentication yet.
Graylog 4.2 has better option now for SSO. This would be the enterprise feature but if you keep you logs under 5 GB a day its free. You can find more about it here


Hope that helps

Great, I did not know that, thanks!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.