SSO plugin UI auto-login broken #3948

Closed
bernd opened this Issue Jun 29, 2017 · 0 comments

bernd commented Jun 29, 2017

Expected Behavior

When using the SSO plugin and it is configured correctly, the web UI should not show the login form but log in the user automatically.

Current Behavior

Since #3634 this doesn't work anymore because the web UI doesn't do an initial session check if no sessionId or username is found in local storage.

Possible Solution

Either revert #3634 or find a way to restore the auto-login behavior and also avoid the race condition for automated testing.

Steps to Reproduce (for bugs)

  1. Install the SSO plugin
  2. Set up a transparent proxy in front of Graylog and configure it to send the Remote-User header
  3. Check curl localhost/api/system/sessions -- SSO works
  4. Go to web interface and see login form instead of being logged in automatically

Your Environment

  • Graylog Version: 2.3.0-beta.2-SNAPSHOT 100f10c

@bernd bernd added blocker bug labels Jun 29, 2017

@bernd bernd added this to the 2.3.0 milestone Jun 29, 2017

@jalogisch jalogisch added the triaged label Jul 3, 2017

bernd added a commit that referenced this issue Jul 4, 2017

Revert "Prevent useless session validation when no id or username is …
…present. (#3634)"

This reverts commit c3983db.

The SSO plugin relies on validation of the session to be able to skip the
login form and log in the user automatically.

Fixes #3948

@wafflebot wafflebot bot assigned bernd Jul 4, 2017

@wafflebot wafflebot bot added the in progress label Jul 4, 2017

@wafflebot wafflebot bot removed the in progress label Jul 4, 2017

dennisoelkers added a commit that referenced this issue Jul 4, 2017

Revert "Prevent useless session validation when no id or username is …
…present. (#3634)" (#3973)

This reverts commit c3983db.

The SSO plugin relies on validation of the session to be able to skip the
login form and log in the user automatically.

Fixes #3948

dennisoelkers added a commit that referenced this issue Jul 28, 2017

Only removing session in localStorage when set.
Before this change, whenever a session validation attempt failed, the
session data in localStorage was removed. This was leading to a race
condition for automated browser testing, when validation took longer
than visiting the page for the first time to put session data in
localStorage, which was immediately removed by the validation promise
handler.

After this change, session data in localStorage is removed only if
present.

Refs #3634, #3948, #3973.

bernd added a commit that referenced this issue Jul 28, 2017

Only removing session in localStorage when set. (#4041)
Before this change, whenever a session validation attempt failed, the
session data in localStorage was removed. This was leading to a race
condition for automated browser testing, when validation took longer
than visiting the page for the first time to put session data in
localStorage, which was immediately removed by the validation promise
handler.

After this change, session data in localStorage is removed only if
present.

Refs #3634, #3948, #3973.
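
The three session-bootstrap behaviours discussed in this issue, as an added JavaScript model that is not Graylog's code: skipping validation when nothing is stored (the #3634 behaviour that broke SSO auto-login), clearing localStorage on every failed validation (the test race), and clearing only when the validation attempt itself started with stored data. All function names, the policy flags and the response fields are hypothetical, and reading "only if present" as "present when validation started" is an assumption.

```javascript
// Added illustration, not Graylog source. Every name below is hypothetical.
function makeStorage() { // in-memory stand-in for window.localStorage
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}

// policy.skipIfEmpty: do not validate without stored data (the #3634 behaviour)
// policy.clearAlways: on failed validation, remove stored data unconditionally
function createSessionStore(storage, validate, policy) {
  const state = { loggedIn: false, validated: false };
  function start() {
    // Snapshot what this validation attempt is actually about.
    const sessionId = storage.getItem('sessionId');
    const username = storage.getItem('username');
    if (policy.skipIfEmpty && !sessionId && !username) return; // login form shown
    validate(sessionId, (res) => {
      state.validated = true;
      if (res.is_valid) {
        // The server can accept a request that carries no stored id, e.g. when
        // the SSO plugin authenticates it from the proxy's Remote-User header.
        storage.setItem('sessionId', res.session_id);
        storage.setItem('username', res.username);
        state.loggedIn = true;
      } else if (policy.clearAlways || (sessionId && username)) {
        // Assumption: "present" means present when this attempt started, so
        // data written while the request was in flight is left alone.
        storage.removeItem('sessionId');
        storage.removeItem('username');
      }
    });
  }
  return { state, start };
}

// Constructed stand-in for the sessions API: it holds the callback so the
// caller decides when the (slow) validation response arrives.
function slowValidator(response) {
  const pending = [];
  const validate = (_id, cb) => pending.push(cb);
  const respond = () => pending.splice(0).forEach((cb) => cb(response));
  return { validate, respond };
}
```

Calling `start()`, writing to the storage, and only then calling `respond()` reproduces the ordering from the commit message, where validation takes longer than the first page visit.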