I am looking to implement Graylog 4.x at a production level with multiple Active Directories for user authentication, which we already have running for other apps (using our ADFS/SAML portal). After researching everywhere I haven’t found a plugin compatible with Graylog 4.0+ or a way to get it done properly.
On the page "SAML authentication support | Ideas for Graylog" I found out that the feature was requested (and got 39 votes) but not implemented. Does this mean that Graylog will never implement it in the future?
It would be reassuring to me to know that there is a chance we could see ADFS/SAML in a future Graylog version, even if it is a paid feature in Graylog Enterprise. Is there a chance that this feature could get back on the roadmap?
I would be very curious to know why the Graylog team decided not to implement such a feature.
If anybody found a way around that works for version 4.x, I would appreciate your comments.
I was also looking into SAML for Graylog 4.0+, but it’s unfortunate that there isn’t one at this time.
I’ve been trying for a couple of months now with no luck.
I do believe there is a Trusted Header Authentication option under Authenticators.
Yes I thought about that setup with Trusted Header Authentication but there are a few blocking points that make me doubt the viability of this solution.
How can we redirect to ADFS if we are not logged in, so a user can sign in at a different place? It would be possible to implement if the login page always had the same path, like /login, but that isn’t the case: you can log in on any subpath inside the Graylog app.
Without appropriate documentation it is difficult to set up ADFS with the correct header.
Trusted Header Authentication doesn’t create new accounts on first connection, so they have to be created beforehand for all users.
I really hope we can get a proper ADFS / SAML authentication at some point.
Thank you for your reply.
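As an added illustration of the first blocking point raised above (this is not code from the thread or from Graylog), the sketch below models the request gate an authenticating reverse proxy in front of Graylog would apply on every path rather than only on /login: unauthenticated requests are redirected to the IdP with the original path carried as RelayState, and authenticated requests are forwarded with the trusted header set by the proxy alone. The header name, cookie name and IdP URL are assumptions; the SAML response validation that creates the session is out of scope and stubbed as a prefilled store.

```python
from dataclasses import dataclass
from urllib.parse import urlencode

# Assumed deployment choices: the trusted header name configured in Graylog's
# authenticator, the proxy's own session cookie, and a placeholder ADFS URL.
TRUSTED_HEADER = "X-Graylog-User"
SESSION_COOKIE = "proxy_session"
IDP_LOGIN_URL = "https://adfs.example.invalid/adfs/ls/"

# Constructed in-memory session store (session id -> username), standing in
# for sessions the proxy would create after validating a SAML assertion.
SESSIONS = {"sess-abc123": "alice"}


@dataclass
class Request:
    path: str
    headers: dict
    cookies: dict


@dataclass
class Response:
    # status 302: redirect to the IdP; status 200: forward upstream with `headers`.
    status: int
    headers: dict


def sanitize_headers(headers: dict) -> dict:
    """Drop any client-supplied copy of the trusted header, case-insensitively.

    Trusted-header auth is only sound if that header can originate from the
    proxy and nowhere else, so the proxy must overwrite it on every request."""
    return {k: v for k, v in headers.items() if k.lower() != TRUSTED_HEADER.lower()}


def handle(req: Request) -> Response:
    """Gate every path, not only /login.

    Unauthenticated: redirect to the IdP, preserving the requested path as
    RelayState so the user lands back on the same subpath after sign-in.
    Authenticated: forward with the trusted header set to the session's user."""
    user = SESSIONS.get(req.cookies.get(SESSION_COOKIE, ""))
    if user is None:
        return Response(302, {"Location": f"{IDP_LOGIN_URL}?{urlencode({'RelayState': req.path})}"})
    upstream = sanitize_headers(req.headers)
    upstream[TRUSTED_HEADER] = user
    return Response(200, upstream)
```

Graylog itself must only be reachable through the proxy for this to hold; otherwise the header could be supplied directly to the backend.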