yellowcong
commented
5 years ago i have the same problem
Open kfdl opened 5 years ago
yellowcong
commented
5 years ago i have the same problem
yellowcong
commented
5 years ago i have solve this question
yellowcong
commented
5 years ago but have a new problem ,i can't logout 日了狗了
kfdl
commented
5 years ago i have solve this question
oh, good very good, and how did you solve the problem, because i don't know. Can you give me some tips pleaaaase
thank you very much for your help
yellowcong
commented
5 years ago @kfdl 实现效果 
yellowcong
commented
5 years ago @kfdl you have to make sure you proxy is right ,you may be X-Graylog-Server-URL not right.
kfdl
commented
5 years ago hello, thank you for your answer my nginx configuration is: proxy_set_header X-Graylog-Server-URL http://1.0.0.10/graylog/api; proxy_set_header X-Requested-By $remote_addr; proxy_pass http://1.15.15.15:9001/graylog;
and my graylog configuration is: rest_listen_uri = http://1.15.15.15:9001/graylog/api web_listen_uri = http://1.15.15.15:9001/graylog
maybe something is wrong with configuration, but i can access to graylog with the configuration below, and the SSO work on IE. so i'm really confuse...
what is apereo? I can use it instead of nginx for authentification?
kfdl
commented
5 years ago hello, i finally found something (i think so) in the graylog debug authentification log
"DEBUG [ModularRealmAuthenticator] Realm [org.graylog.plugins.auth.sso.SsoAuthRealm@534ef0b4] does not support token org.apache.shiro.authc.UsernamePasswordToken - XXXXX, rememberMe=false (192.168.30.126). Skipping realm."
if somebody have a ideas about this log...
thank you :)
kfdl
commented
5 years ago hello, I have this log too but i don't know how to deal with it : Realm [org.graylog.plugins.auth.sso.SsoAuthRealm@1b6f8352] does not support token SessionIdToken{sessionId=edb32a28-d7b7-406b-a9dc-5132ae3adf14, host=XXXXXX}. Skipping realm.
thank you :)
happyyangyuan
commented
4 years ago @kfdl 实现效果
大佬,您可以把你的配置详细粘贴一下嘛,顺便把你的cas的实现流程简单讲讲?
teamrussia
commented
3 years ago Hi Guys..
Can you help me?
I don't know configure my nginx to use the sso plugin.
There is my config:
` location / { proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Graylog-Server-URL https://$host; proxy_set_header Remote-User $remote_user; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Requested-By $remote_addr; proxy_pass http://graylog/; }
location /api/ {
proxy_pass http://graylog/api/;
proxy_set_header X-Graylog-Server-URL https://graylog/api/;
proxy_set_header Host $http_host;
proxy_set_header Remote-User $remote_user;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Requested-By $remote_addr;
}`
Problem description
hello I have a problem when i try to have a SSO between nginx 1.10.3 and graylog 2.5.0 this is my configuration for nginx: /etc/nginx/sites-available/reverseProxy
and my configuration for grafana : /etc/graylog/server/server.conf rest_listen_uri = http://1.15.15.15:9001/graylog/api web_listen_uri = http://1.15.15.15:9001/graylog
the problem is, when i log on with internet explorer the SSO work perfectly, but when i try to log on with mozilla firefox or chrome, I am authenticated with the user “undefined” and i don’t know why ??
please help me…
thank very much for your help
Steps to reproduce the problem
install nginx 1.10.3, graylog 2.5.0, elasticsearch: 6.5.3, MongoDB Version 4.0.4 on a debian 9.6 host, please put the configuration below for nginx and graylog. : for elasticsearch please change the node name in /etc/elasticsearch/elasticsearch.yml to graylog-node1 and cluster.name to: graylog.
Download the sso plugin for graylog 2.5.0 and place the .jar file in /usr/share/elasticsearch/plugins/ enabe and start all this service ( systemctl enable [services] and systemctl start [services]) for the configuration of graylog in the file /etc/graylog/server/server.conf please follow this intructions:
// You MUST specify a hash password for the root user (which you only need to initially set up the //system and in case you lose connectivity to your authentication backend) // This password cannot be changed using the API or via the web interface. If you need to change it, //modify it in this file. // Create one by using for example: echo -n yourpassword | shasum -a 256 // and put the resulting hash value into the following line root_password_sha2 =
and
// You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters. //Generate one by using for example: pwgen -N 1 -s 96 password_secret =
then create in the folder /etc/nginx the file .htpasswd with the command htpasswd -db /etc/nginx/.htpasswd [user] [password] (create two account, the first for admin and the second for you)
use mozilla 64.4.0.2 and put the URL 1.0.0.10, log on the web server. after the log in put on mozilla the url 1.0.0.10/graylog and log on with the admin account and the password you choose.
then system > authentification > SSO : username header --> Remote-User don't select "request must come from a trusted proxy" don't select "automatically create" don't select "Synchronize the roles of the user from the specified HTTP header" then save the configuration.
then system > authentification > configure provider order: edit put the list like this:
clear the cache and the history et and quit mozilla. restart graylog, nginx , elasticsearch...
the open mozilla again, log on a the reverse proxy and go to /graylog. and you will see the error with the SSO, username "undefined". But if you do the same with IE it work. I don't understand the problem, I think I try everything (capture of the paquet between nginx and graylog for the to browser, change the configuration...)
pleaseeeeeeeee help me. thank you for your time
Environment