Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

External authentication (SSO) requires LDAP #2817

Closed
zagy opened this issue Sep 13, 2016 · 1 comment · Fixed by #2820
Closed

External authentication (SSO) requires LDAP #2817

zagy opened this issue Sep 13, 2016 · 1 comment · Fixed by #2820
Assignees
@kroepke
Labels
bug P2 S3 triaged
Milestone
2.1.1

Comments

@zagy
Copy link

zagy commented Sep 13, 2016

When using the SSO plugin, you also need to enable LDAP. Otherwise users are not being logged in. It throws "LDAP authentication is currently disabled." from https://github.com/Graylog2/graylog2-server/blob/master/graylog2-server/src/main/java/org/graylog2/security/realm/SessionAuthenticator.java#L73

Expected Behavior

I'd expect Graylog not to prevent other plugins (the SSO plugin here) to authenticate externally even when there is no LDAP configured.

Current Behavior

Login via SSO not possible due to error "LDAP authentication is currently disabled". Login form shown.

It works after LDAP is enabled. In fact it's sufficient that LDAP is enabled, regardless if the configuration is actually working

Steps to Reproduce (for bugs)

Well …

  1. Have SSO capable graylog and appropriate proxy.
  2. Turn off LDAP on the LDAP configuration page
  3. SSO Login doesn't work.
    4.
  • Graylog Version: v2.1.0+62db7e0
kroepke added a commit that referenced this issue Sep 13, 2016
@kroepke
remove ldap settings check from authenticators
e3f79d8 
we no longer lock external accounts when ldap is disabled because other authenticators can also create external users now
if people require this we need to track which authenticator created the account in the first place, but that's too large a change for a bug fix release

fixes #2817
@kroepke kroepke mentioned this issue Sep 13, 2016
Merged
@kroepke
Copy link
Member

kroepke commented Sep 13, 2016

Thank you for your contribution, we'll see that it gets fixed in 2.1.1.

@kroepke kroepke added this to the 2.1.1 milestone Sep 13, 2016
@kroepke kroepke self-assigned this Sep 13, 2016
bernd pushed a commit that referenced this issue Sep 13, 2016
@kroepke @bernd
Remove ldap settings check from authenticators (#2820)
e7c7127 
we no longer lock external accounts when ldap is disabled because other authenticators can also create external users now
if people require this we need to track which authenticator created the account in the first place, but that's too large a change for a bug fix release

fixes #2817
bernd pushed a commit that referenced this issue Sep 13, 2016
@kroepke @bernd
Remove ldap settings check from authenticators (#2820)
3ad3274 
we no longer lock external accounts when ldap is disabled because other authenticators can also create external users now
if people require this we need to track which authenticator created the account in the first place, but that's too large a change for a bug fix release

fixes #2817
(cherry picked from commit e7c7127)
@kroepke kroepke added triaged and removed triaged labels Sep 21, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kroepke kroepke

Labels
bug P2 S3 triaged
Projects
None yet
Milestone
2.1.1
Development

Successfully merging a pull request may close this issue.

remove ldap settings check from authenticators Graylog2/graylog2-server
2 participants
@kroepke @zagy