The SSO plugin isn't respecting the case of the headers - all headers appear to be pulled into the plugin as lowercase. If nginx is sending Remote-User, the plugin interprets it as remote-user which can be very confusing for people trying to get the plugin to work properly.
Steps to reproduce the problem
Set up Graylog behind nginx as a reverse proxy
Set up nginx to return the header "Remote-User" to Graylog
proxy_set_header Remote-User $email;
Install SSO plugin into Graylog
Set up SSO and configure it to use "Remote-User" as the username header (matching case of the nginx header)
SSO plugin will not see the "Remote-User" header and SSO will not properly function
Change SSO to look for "remote-user" (does not match the case of the nginx header) and it will work successfully
Plugin should either lowercase all configured headers before attempting to match them, or should not lowercase the headers being passed into it in the first place.
Environment
Graylog Version: 3.1.3
Plugin Version: 3.1.0
Elasticsearch Version: 6.8.5
MongoDB Version: 4.0.13
Operating System: CentOS Linux release 7.6.1810 (Core)
Problem description
The SSO plugin isn't respecting the case of the headers - all headers appear to be pulled into the plugin as lowercase. If nginx is sending
Remote-User, the plugin interprets it asremote-userwhich can be very confusing for people trying to get the plugin to work properly.Steps to reproduce the problem
proxy_set_header Remote-User $email;Plugin should either lowercase all configured headers before attempting to match them, or should not lowercase the headers being passed into it in the first place.
Environment