Graylog2 / graylog-plugin-auth-sso

SSO support for Graylog through trusted HTTP headers set by load balancers or authentication proxies

Automatically created users did not get access #15

Closed kjpopov closed 8 years ago

kjpopov commented 8 years ago

Problem description

I am trying to run this SSO plugin behind an nginx proxy. When I have the user in question previously created, the authentication works like a charm. When I try to use the "Automatically create users" option, the user gets created, but he gets a 401 Access Denied error in the browser.

Steps to reproduce the problem

  1. Install the plugin from the deb package
  2. Add this at the bottom of /etc/graylog/server/server.conf: `trusted_proxies = 127.0.0.1/32, 0:0:0:0:0:0:0:1/128`
  3. Configure a dummy nginx proxy:

     ```nginx
     server
     {
         listen      443 ssl;
         server_name graylog.mydomain.com;

         ssl_certificate /etc/ssl/private/my.crt;
         ssl_certificate_key /etc/ssl/private/my.key;

         set $user_email 'dummy@example.com';
         set $user_name 'dummy';

         location /
         {
             proxy_set_header    X-Remote-User $user_name;
             proxy_set_header    X-Remote-User-Email $user_email;
             proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header    Host $http_host;
             proxy_set_header    X-Graylog-Server-URL https://graylog.mydomain.com/api;
             proxy_pass          http://127.0.0.1:9000;
         }
     }
     ```

  4. Configure the plugin to expect headers from the config above and check the Automatically create users checkbox.

Environment

  • Graylog Version: Graylog 2.1.0+62db7e0 on (Oracle Corporation 1.8.0_102 on Linux 3.16.0-4-amd64)
  • Plugin Version: 1.0.3
  • Elasticsearch Version: 2.3.2
  • MongoDB Version: 2.6.12
  • Operating System: OSX Client / Debian jessie server
  • Browser version: Google Chrome Version 52.0.2743.116 (64-bit)

kroepke commented 8 years ago

Are there any relevant errors in the graylog log file?

kroepke commented 8 years ago

@kjpopov Please comment on this issue if you have additional information. We have been unable to reproduce this so far. Once you have more information I will reopen the issue.

Thanks!
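
The trust model behind the setup reported above, as an added illustration (not the plugin's own code, which this thread does not show): a backend using header-based SSO should honour `X-Remote-User` only when the TCP peer is inside `trusted_proxies`. The function names, the IPv4-mapped handling and the sample peer addresses are assumptions of this sketch.

```python
import ipaddress

# Value copied from the server.conf line in the report above.
TRUSTED_PROXIES = "127.0.0.1/32, 0:0:0:0:0:0:0:1/128"
USER_HEADER = "X-Remote-User"  # header name set in the nginx config above


def parse_trusted_proxies(value):
    """Split a comma-separated CIDR list into network objects."""
    return [ipaddress.ip_network(part.strip(), strict=True)
            for part in value.split(",") if part.strip()]


def peer_is_trusted(peer_ip, networks):
    """True if the TCP peer address falls inside one of the trusted networks."""
    addr = ipaddress.ip_address(peer_ip)
    # An IPv4-mapped IPv6 peer (::ffff:a.b.c.d) is compared in its IPv4 form.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net for net in networks)


def sso_username(peer_ip, headers, networks):
    """Return the header-asserted username, or None if it must be ignored."""
    if not peer_is_trusted(peer_ip, networks):
        return None  # header arrived from an untrusted peer: do not honour it
    # HTTP header names are case-insensitive.
    lowered = {k.lower(): v for k, v in headers.items()}
    name = lowered.get(USER_HEADER.lower(), "").strip()
    return name or None


if __name__ == "__main__":
    nets = parse_trusted_proxies(TRUSTED_PROXIES)
    # Constructed sample requests: (peer address, request headers).
    samples = [
        ("127.0.0.1", {"X-Remote-User": "dummy"}),    # via the local proxy
        ("203.0.113.7", {"X-Remote-User": "dummy"}),  # direct, untrusted peer
    ]
    for peer, hdrs in samples:
        print(peer, "->", sso_username(peer, hdrs, nets))
```

With the `trusted_proxies` value from the report, only requests whose peer is the loopback address are allowed to assert an identity, so the Graylog port must not be reachable in a way that lets other clients appear as loopback.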