Graylog2 / graylog-plugin-auth-sso

SSO support for Graylog through trusted HTTP headers set by load balancers or authentication proxies

Can't apply settings: error Updating SSO config failed: CSRF protection header is missing. Please add a "X-Requested-By" header to your request. #43

Closed ghost closed 5 years ago

ghost commented 5 years ago

Problem description

Can't apply SSO settings due to CSRF protection, header "X-Requested-By" is missing. I have Nginx doing HTTPS termination and proxying to Graylog as with instructions in "REST API and Web Interface on one port (using HTTPS/SSL):" http://docs.graylog.org/en/2.5/pages/configuration/web_interface.html

Note warning in http://docs.graylog.org/en/2.5/pages/configuration/rest_api.html

Steps to reproduce the problem

  1. Installed this plugin, graylog-plugin-auth-sso-2.5.0.deb, using dpkg; verified the jar in /usr/share/graylog-server/plugin/graylog-plugin-auth-sso-2.5.0.jar
  2. Configured the settings in System / Authentication / Single Sign-on (SSO)
  3. Pushed "Save SSO Settings"
  4. Error message: "Unable to update SSO authenticator config Updating SSO config failed: CSRF protection header is missing. Please add a "X-Requested-By" header to your request."

Environment

ghost commented 5 years ago

Noticed this is fixed in 2.5.1