This change refactors the way the authentication subsystem works:
moved configuration of built-in authenticating realms in their constructors and simplified the SecurityManager provider actually hook up the new ordered realms collection to enable runtime reordering
…ls/session validation rationale is that once an authenticator looks at externally supplied credentials or pre-authenticated principals, such as HTTP headers, it can request an early creation of a Graylog session. This is the case with HTTP header based authentication, which typically comes from SSO proxies. slightly refactor the LDAP entry to user creation, we'll need to create a better interface for other authenticators in the next few steps for the UI, once the session validation returns a new username and session id, we'll simply accept that and log the user in. likewise, on logout we validate the session again, in case the credentials were external. a current problem with the implementation is that existing sessions for the same user and client aren't reused yet, because we cannot detec them: this creates uncessary sessions in the database, which will eventually time out.
When trying to access the System → Authentication page after running
EDIT: Seems to work when using the webpack dev server (running