New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

External authentication (SSO) requires LDAP #2817

Closed
zagy opened this Issue Sep 13, 2016 · 1 comment

Comments

Projects
None yet
2 participants
@zagy

zagy commented Sep 13, 2016

When using the SSO plugin, you also need to enable LDAP. Otherwise users are not being logged in. It throws "LDAP authentication is currently disabled." from https://github.com/Graylog2/graylog2-server/blob/master/graylog2-server/src/main/java/org/graylog2/security/realm/SessionAuthenticator.java#L73

Expected Behavior

I'd expect Graylog not to prevent other plugins (the SSO plugin here) to authenticate externally even when there is no LDAP configured.

Current Behavior

Login via SSO not possible due to error "LDAP authentication is currently disabled". Login form shown.

It works after LDAP is enabled. In fact it's sufficient that LDAP is enabled, regardless if the configuration is actually working

Steps to Reproduce (for bugs)

Well …

  1. Have SSO capable graylog and appropriate proxy.
  2. Turn off LDAP on the LDAP configuration page
  3. SSO Login doesn't work.
    4.
  • Graylog Version: v2.1.0+62db7e0

kroepke added a commit that referenced this issue Sep 13, 2016

remove ldap settings check from authenticators
we no longer lock external accounts when ldap is disabled because other authenticators can also create external users now
if people require this we need to track which authenticator created the account in the first place, but that's too large a change for a bug fix release

fixes #2817
@kroepke

This comment has been minimized.

Member

kroepke commented Sep 13, 2016

Thank you for your contribution, we'll see that it gets fixed in 2.1.1.

@kroepke kroepke added this to the 2.1.1 milestone Sep 13, 2016

@kroepke kroepke added bug S3 P2 labels Sep 13, 2016

@kroepke kroepke self-assigned this Sep 13, 2016

@bernd bernd closed this in #2820 Sep 13, 2016

bernd added a commit that referenced this issue Sep 13, 2016

Remove ldap settings check from authenticators (#2820)
we no longer lock external accounts when ldap is disabled because other authenticators can also create external users now
if people require this we need to track which authenticator created the account in the first place, but that's too large a change for a bug fix release

fixes #2817

bernd added a commit that referenced this issue Sep 13, 2016

Remove ldap settings check from authenticators (#2820)
we no longer lock external accounts when ldap is disabled because other authenticators can also create external users now
if people require this we need to track which authenticator created the account in the first place, but that's too large a change for a bug fix release

fixes #2817
(cherry picked from commit e7c7127)

@kroepke kroepke added triaged and removed triaged labels Sep 21, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment