Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SSO plugin UI auto-login broken #3948

Closed
bernd opened this issue Jun 29, 2017 · 0 comments
Closed

SSO plugin UI auto-login broken #3948

bernd opened this issue Jun 29, 2017 · 0 comments
Assignees
Milestone

Comments

@bernd
Copy link
Member

@bernd bernd commented Jun 29, 2017

Expected Behavior

When using the SSO plugin and it is configured correctly, the web UI should not show the login form but log in the user automatically.

Current Behavior

Since #3634 this doesn't work anymore beause the web UI doesn't do an initial session check if no sessionId or username is found in local storage.

Possible Solution

Either revert #3634 or find a way to restore the auto-login behavior and also avoid the race condition for automated testing.

Steps to Reproduce (for bugs)

  1. Install the SSO plugin
  2. Setup a transparent proxy in front of Graylog and configure it to send the Remote-User header
  3. Check curl localhost/api/system/sessions -- SSO works
  4. Go to web interface and see login form instead of being logged in automatically

Your Environment

  • Graylog Version: 2.3.0-beta.2-SNAPSHOT 100f10c
@bernd bernd added blocker bug labels Jun 29, 2017
@bernd bernd added this to the 2.3.0 milestone Jun 29, 2017
@jalogisch jalogisch added the triaged label Jul 3, 2017
bernd added a commit that referenced this issue Jul 4, 2017
…present. (#3634)"

This reverts commit c3983db.

The SSO plugin relies on validation of the session to be able to skip the
login form and log in the user automatically.

Fixes #3948
@ghost ghost assigned bernd Jul 4, 2017
@ghost ghost added the in progress label Jul 4, 2017
@ghost ghost removed the in progress label Jul 4, 2017
dennisoelkers added a commit that referenced this issue Jul 4, 2017
…present. (#3634)" (#3973)

This reverts commit c3983db.

The SSO plugin relies on validation of the session to be able to skip the
login form and log in the user automatically.

Fixes #3948
dennisoelkers added a commit that referenced this issue Jul 28, 2017
Before this change, whenever a session validation attempt failed, the
session data in localStorage was removed. This was leading to a race
condition for automated browser testing, when validation took longer
than visiting the page for the first time to put session data in
localStorage, which was immediately removed by the validation promise
handler.

After this change, session data in localStorage is removed only if
present.

Refs #3634, #3948, #3973.
bernd added a commit that referenced this issue Jul 28, 2017
Before this change, whenever a session validation attempt failed, the
session data in localStorage was removed. This was leading to a race
condition for automated browser testing, when validation took longer
than visiting the page for the first time to put session data in
localStorage, which was immediately removed by the validation promise
handler.

After this change, session data in localStorage is removed only if
present.

Refs #3634, #3948, #3973.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants