SSO authenticated users not shown as active #2620

Closed
hc4 opened this issue Aug 5, 2016 · 10 comments

@hc4
Contributor

@hc4 hc4 commented Aug 5, 2016

Expected Behavior

Should be the real remote IP of the client

Current Behavior

For me it shows 127.0.0.1

Context

Maybe the problem is caused by the proxy.
The client actually connects to the proxy, and the proxy connects to Graylog.
Can Graylog support the X-Forwarded-For header?

Your Environment

  • Graylog Version: 2.1.0-beta2
@kroepke
Member

@kroepke kroepke commented Aug 5, 2016

Have you set the trusted_proxies option?

The default is not to trust any subnets when it comes to the X-Forwarded-For header, but you can add it in the config file, e.g. for localhost:
trusted_proxies = 127.0.0.1/32, 0:0:0:0:0:0:0:1/128

@hc4
Contributor Author

@hc4 hc4 commented Aug 5, 2016

Configured:
trusted_proxies = 127.0.0.1/32, 0:0:0:0:0:0:0:1/128, 0.0.0.0/0

but still no joy.
When does this client address get refreshed?
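
An added illustration (not part of the thread and not Graylog's code) of why the scope of `trusted_proxies` matters: a generic right-to-left X-Forwarded-For resolver run against the loopback-only value and the value that also lists 0.0.0.0/0. The function names, the resolution rule and the sample addresses are assumptions constructed for this example.

```python
import ipaddress

# Constructed settings mirroring the two trusted_proxies values in the thread.
LOOPBACK_ONLY = "127.0.0.1/32, 0:0:0:0:0:0:0:1/128"
WITH_CATCH_ALL = LOOPBACK_ONLY + ", 0.0.0.0/0"


def parse_trusted(setting):
    """Parse a comma-separated CIDR list into network objects."""
    return [ipaddress.ip_network(p.strip()) for p in setting.split(",") if p.strip()]


def is_trusted(addr, networks):
    """True if addr is inside any trusted network (ValueError if malformed)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)


def client_address(peer, xff, setting):
    """Pick the address to record for a request.

    peer is the TCP peer address, xff the raw X-Forwarded-For value or None.
    Generic right-to-left rule (an assumption, not Graylog's implementation).
    """
    networks = parse_trusted(setting)
    if not xff or not is_trusted(peer, networks):
        return peer  # header is ignored unless the direct peer is a trusted proxy
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            if not is_trusted(hop, networks):
                return hop  # first hop that no trusted proxy vouches for
        except ValueError:
            return peer  # malformed entry: fall back to the socket address
    return hops[0] if hops else peer  # every hop trusted: leftmost value wins


if __name__ == "__main__":
    # Constructed request: a client-supplied entry, then the proxy appends the real peer.
    header = "10.1.2.3, 203.0.113.7"
    for name, setting in (("loopback only", LOOPBACK_ONLY),
                          ("with 0.0.0.0/0", WITH_CATCH_ALL)):
        print(name, "->", client_address("127.0.0.1", header, setting))
```

With the loopback-only list the recorded address is the one the proxy appended; once 0.0.0.0/0 is trusted, every hop counts as a proxy and the client-supplied leftmost entry is what gets recorded.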

@hc4 hc4 closed this Aug 5, 2016
@hc4 hc4 reopened this Aug 5, 2016
@garybot2 garybot2 closed this Aug 5, 2016
@garybot2 garybot2 reopened this Aug 5, 2016
@hc4
Contributor Author

@hc4 hc4 commented Aug 5, 2016

It seems sessions are not refreshing at all.
Logged in as another user from another PC, and there is not even a green light.

@joschi
Contributor

@joschi joschi commented Aug 5, 2016

@hc4 Are you using a reverse proxy in front of Graylog?

@kroepke
Member

@kroepke kroepke commented Aug 5, 2016

The session should be updated every time the user interacts with Graylog, I'll double check.

@hc4
Contributor Author

@hc4 hc4 commented Aug 5, 2016

Yes, I am using squid on the same server as Graylog.
And Graylog is hosted at 127.0.0.1

@hc4
Contributor Author

@hc4 hc4 commented Aug 5, 2016

I think the problem is in SSO auth.
If I log in through the login screen, the session info (including IP) updates correctly.

@hc4
Contributor Author

@hc4 hc4 commented Aug 5, 2016

My auth config:

{
    "realm_order": 
    [
      "mongodb-session", 
      "access-token", 
      "sso", 
      "legacy-ldap", 
      "mongodb-password", 
      "root-user"
    ],
    "disabled_realms": ["legacy-ldap"]
}
@kroepke
Member

@kroepke kroepke commented Aug 5, 2016

I can confirm that, looks like somehow the session isn't created as it should.
Works via normal login, doesn't work via SSO-created session.

kroepke added a commit that referenced this issue Aug 5, 2016
The SessionResource set a custom session attribute to find the name of the user owning the session, but if the auth plugins forced a session creation, that wasn't set.
Instead of trying to fix the auth plugins, rely on a Shiro framework attribute to get the principal.

fixes #2620
@kroepke
Member

@kroepke kroepke commented Aug 5, 2016

@hc4 Thanks for the report, the issue should be fixed in the next release!

@kroepke kroepke mentioned this issue Aug 5, 2016
4 of 9 tasks complete
@kroepke kroepke added bug S3 P2 labels Aug 5, 2016
@kroepke kroepke self-assigned this Aug 5, 2016
@kroepke kroepke added this to the 2.1.0 milestone Aug 5, 2016
@kroepke kroepke changed the title Incorrect client address on Users page SSO authenticated users not shown as active Aug 5, 2016
@bernd bernd closed this in #2621 Aug 8, 2016
bernd added a commit that referenced this issue Aug 8, 2016
The SessionResource set a custom session attribute to find the name of the user owning the session, but if the auth plugins forced a session creation, that wasn't set.
Instead of trying to fix the auth plugins, rely on a Shiro framework attribute to get the principal.

fixes #2620
@kroepke kroepke added triaged and removed triaged labels Sep 21, 2016