Graylog2 / graylog-plugin-auth-sso

SSO support for Graylog through trusted HTTP headers set by load balancers or authentication proxies

Cannot get SSO plugin to work #55

Closed skwokie closed 4 years ago

skwokie commented 4 years ago

Problem description

With nginx proxy_pass-ing the graylog server with the set user and role headers, the SSO plugin is not logging the user in automatically and the browser shows the login screen instead.

Steps to reproduce the problem

Hi,

I followed http://docs.graylog.org/en/3.1/pages/installation/docker.html and used the persistence version of the docker-compose file to launch a graylog server version 3.1. Then, I followed https://docs.graylog.org/en/3.1/pages/users_and_roles/external_auth.html#single-sign-on and set up SSO with the following settings:

  - Username Header: X-Authuser
  - Request must come from a trusted proxy: unchecked
  - Automatically create users: unchecked
  - Synchronize the roles of the user from the specified HTTP header: unchecked
  - Roles Header: X-Roles

Finally, I've nginx installed on another server with the following config:

location / {
    auth_request /verify;
    auth_request_set $user $upstream_http_x_authuser;
    auth_request_set $roles $upstream_http_x_roles;
    proxy_set_header X-Authuser $user;
    proxy_set_header X-Roles $roles;
    proxy_pass_request_headers on;
    proxy_pass http://dev-graylog-private.***.com/;
}

with /verify to perform authentication and supply the username and role.

I've verified that the headers are passed to the graylog server by using tcpdump, and tcpdump shows this in the output:

X-Authuser: skwok@***.com
X-Roles: Reader
Host: dev-graylog-private.***.com
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0
Accept: image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://dev-logs.***.com/
Cookie: _ga=GA1.2.1092793541.1580076237; _gid=GA1.2.399737522.1580076237
If-Modified-Since: Tue, 14 Jan 2020 16:06:32 GMT
If-None-Match: "1a2230a18c3ad6cb43feb9005b2567ff8cf1ebf4a85692bf19d15e562b70f518"
Cache-Control: max-age=0

I believe by hitting '/' on the nginx server with a browser, the SSO plugin is expected to log the user in; however, it is not the case. So, I turned on debug logging and tried to log in again and see the following:

graylog_1        | 2020-01-26 23:47:48,936 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog.plugins.auth.sso.SsoAuthRealm@1c85084d] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:48,936 DEBUG: org.apache.shiro.realm.AuthenticatingRealm - Looked up AuthenticationInfo [admin] from doGetAuthenticationInfo
graylog_1        | 2020-01-26 23:47:48,936 DEBUG: org.apache.shiro.realm.AuthenticatingRealm - AuthenticationInfo caching is disabled for info [admin].  Submitted token: [SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}].
graylog_1        | 2020-01-26 23:47:48,936 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.AccessTokenAuthenticator@28f7f5b2] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:48,936 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.LdapUserAuthenticator@4367066b] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:48,936 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.PasswordAuthenticator@7163c513] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:48,936 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.RootAccountRealm@45907c12] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:48,936 DEBUG: org.apache.shiro.authc.AbstractAuthenticator - Authentication successful for token [SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}].  Returned account [admin]
graylog_1        | 2020-01-26 23:47:48,936 DEBUG: org.apache.shiro.subject.support.DefaultSubjectContext - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.
graylog_1        | 2020-01-26 23:47:48,936 DEBUG: org.apache.shiro.subject.support.DefaultSubjectContext - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.
graylog_1        | 2020-01-26 23:47:49,937 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog.plugins.auth.sso.SsoAuthRealm@1c85084d] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:49,937 DEBUG: org.apache.shiro.realm.AuthenticatingRealm - Looked up AuthenticationInfo [admin] from doGetAuthenticationInfo
graylog_1        | 2020-01-26 23:47:49,937 DEBUG: org.apache.shiro.realm.AuthenticatingRealm - AuthenticationInfo caching is disabled for info [admin].  Submitted token: [SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}].
graylog_1        | 2020-01-26 23:47:49,937 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.AccessTokenAuthenticator@28f7f5b2] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:49,937 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.LdapUserAuthenticator@4367066b] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:49,937 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.PasswordAuthenticator@7163c513] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:49,937 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.RootAccountRealm@45907c12] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:49,937 DEBUG: org.apache.shiro.authc.AbstractAuthenticator - Authentication successful for token [SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}].  Returned account [admin]
graylog_1        | 2020-01-26 23:47:49,937 DEBUG: org.apache.shiro.subject.support.DefaultSubjectContext - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.
graylog_1        | 2020-01-26 23:47:49,937 DEBUG: org.apache.shiro.subject.support.DefaultSubjectContext - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.
graylog_1        | 2020-01-26 23:47:49,940 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog.plugins.auth.sso.SsoAuthRealm@1c85084d] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=192.168.208.1}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:49,940 DEBUG: org.apache.shiro.realm.AuthenticatingRealm - Looked up AuthenticationInfo [admin] from doGetAuthenticationInfo
graylog_1        | 2020-01-26 23:47:49,940 DEBUG: org.apache.shiro.realm.AuthenticatingRealm - AuthenticationInfo caching is disabled for info [admin].  Submitted token: [SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=192.168.208.1}].
graylog_1        | 2020-01-26 23:47:49,940 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.AccessTokenAuthenticator@28f7f5b2] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=192.168.208.1}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:49,940 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.LdapUserAuthenticator@4367066b] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=192.168.208.1}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:49,940 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.PasswordAuthenticator@7163c513] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=192.168.208.1}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:49,940 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.RootAccountRealm@45907c12] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=192.168.208.1}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:49,940 DEBUG: org.apache.shiro.authc.AbstractAuthenticator - Authentication successful for token [SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=192.168.208.1}].  Returned account [admin]
graylog_1        | 2020-01-26 23:47:49,940 DEBUG: org.apache.shiro.subject.support.DefaultSubjectContext - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.
graylog_1        | 2020-01-26 23:47:49,940 DEBUG: org.apache.shiro.subject.support.DefaultSubjectContext - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.
graylog_1        | 2020-01-26 23:47:50,936 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog.plugins.auth.sso.SsoAuthRealm@1c85084d] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:50,936 DEBUG: org.apache.shiro.realm.AuthenticatingRealm - Looked up AuthenticationInfo [admin] from doGetAuthenticationInfo
graylog_1        | 2020-01-26 23:47:50,936 DEBUG: org.apache.shiro.realm.AuthenticatingRealm - AuthenticationInfo caching is disabled for info [admin].  Submitted token: [SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}].
graylog_1        | 2020-01-26 23:47:50,936 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.AccessTokenAuthenticator@28f7f5b2] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:50,936 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.LdapUserAuthenticator@4367066b] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:50,936 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.PasswordAuthenticator@7163c513] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:50,936 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.RootAccountRealm@45907c12] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:50,936 DEBUG: org.apache.shiro.authc.AbstractAuthenticator - Authentication successful for token [SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}].  Returned account [admin]
graylog_1        | 2020-01-26 23:47:50,936 DEBUG: org.apache.shiro.subject.support.DefaultSubjectContext - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.
graylog_1        | 2020-01-26 23:47:50,936 DEBUG: org.apache.shiro.subject.support.DefaultSubjectContext - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.
graylog_1        | 2020-01-26 23:47:51,336 DEBUG: org.apache.shiro.realm.AuthenticatingRealm - Looked up AuthenticationInfo [null] from doGetAuthenticationInfo
graylog_1        | 2020-01-26 23:47:51,336 DEBUG: org.apache.shiro.realm.AuthenticatingRealm - No AuthenticationInfo found for submitted AuthenticationToken [org.graylog2.shared.security.HttpHeadersToken@48b68f5f].  Returning null.
graylog_1        | 2020-01-26 23:47:51,336 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.SessionAuthenticator@4447bb8c] does not support token org.graylog2.shared.security.HttpHeadersToken@48b68f5f.  Skipping realm.
graylog_1        | 2020-01-26 23:47:51,336 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.AccessTokenAuthenticator@28f7f5b2] does not support token org.graylog2.shared.security.HttpHeadersToken@48b68f5f.  Skipping realm.
graylog_1        | 2020-01-26 23:47:51,336 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.LdapUserAuthenticator@4367066b] does not support token org.graylog2.shared.security.HttpHeadersToken@48b68f5f.  Skipping realm.
graylog_1        | 2020-01-26 23:47:51,336 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.PasswordAuthenticator@7163c513] does not support token org.graylog2.shared.security.HttpHeadersToken@48b68f5f.  Skipping realm.
graylog_1        | 2020-01-26 23:47:51,336 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.RootAccountRealm@45907c12] does not support token org.graylog2.shared.security.HttpHeadersToken@48b68f5f.  Skipping realm.
graylog_1        | 2020-01-26 23:47:51,820 DEBUG: org.apache.shiro.realm.AuthenticatingRealm - Looked up AuthenticationInfo [null] from doGetAuthenticationInfo
graylog_1        | 2020-01-26 23:47:51,820 DEBUG: org.apache.shiro.realm.AuthenticatingRealm - No AuthenticationInfo found for submitted AuthenticationToken [org.graylog2.shared.security.HttpHeadersToken@37026d32].  Returning null.
graylog_1        | 2020-01-26 23:47:51,820 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.SessionAuthenticator@4447bb8c] does not support token org.graylog2.shared.security.HttpHeadersToken@37026d32.  Skipping realm.
graylog_1        | 2020-01-26 23:47:51,820 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.AccessTokenAuthenticator@28f7f5b2] does not support token org.graylog2.shared.security.HttpHeadersToken@37026d32.  Skipping realm.
graylog_1        | 2020-01-26 23:47:51,820 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.LdapUserAuthenticator@4367066b] does not support token org.graylog2.shared.security.HttpHeadersToken@37026d32.  Skipping realm.
graylog_1        | 2020-01-26 23:47:51,820 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.PasswordAuthenticator@7163c513] does not support token org.graylog2.shared.security.HttpHeadersToken@37026d32.  Skipping realm.
graylog_1        | 2020-01-26 23:47:51,820 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.RootAccountRealm@45907c12] does not support token org.graylog2.shared.security.HttpHeadersToken@37026d32.  Skipping realm.
graylog_1        | 2020-01-26 23:47:51,936 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog.plugins.auth.sso.SsoAuthRealm@1c85084d] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:51,936 DEBUG: org.apache.shiro.realm.AuthenticatingRealm - Looked up AuthenticationInfo [admin] from doGetAuthenticationInfo
graylog_1        | 2020-01-26 23:47:51,936 DEBUG: org.apache.shiro.realm.AuthenticatingRealm - AuthenticationInfo caching is disabled for info [admin].  Submitted token: [SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}].
graylog_1        | 2020-01-26 23:47:51,936 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.AccessTokenAuthenticator@28f7f5b2] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:51,936 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.LdapUserAuthenticator@4367066b] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:51,936 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.PasswordAuthenticator@7163c513] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:51,936 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.RootAccountRealm@45907c12] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:51,936 DEBUG: org.apache.shiro.authc.AbstractAuthenticator - Authentication successful for token [SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}].  Returned account [admin]
graylog_1        | 2020-01-26 23:47:51,936 DEBUG: org.apache.shiro.subject.support.DefaultSubjectContext - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.
graylog_1        | 2020-01-26 23:47:51,936 DEBUG: org.apache.shiro.subject.support.DefaultSubjectContext - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.
graylog_1        | 2020-01-26 23:47:51,937 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog.plugins.auth.sso.SsoAuthRealm@1c85084d] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:51,937 DEBUG: org.apache.shiro.realm.AuthenticatingRealm - Looked up AuthenticationInfo [admin] from doGetAuthenticationInfo
graylog_1        | 2020-01-26 23:47:51,937 DEBUG: org.apache.shiro.realm.AuthenticatingRealm - AuthenticationInfo caching is disabled for info [admin].  Submitted token: [SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}].
graylog_1        | 2020-01-26 23:47:51,937 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.AccessTokenAuthenticator@28f7f5b2] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:51,937 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.LdapUserAuthenticator@4367066b] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:51,937 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.PasswordAuthenticator@7163c513] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:51,937 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.RootAccountRealm@45907c12] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:51,937 DEBUG: org.apache.shiro.authc.AbstractAuthenticator - Authentication successful for token [SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=140.242.18.3}].  Returned account [admin]
graylog_1        | 2020-01-26 23:47:51,937 DEBUG: org.apache.shiro.subject.support.DefaultSubjectContext - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.
graylog_1        | 2020-01-26 23:47:51,937 DEBUG: org.apache.shiro.subject.support.DefaultSubjectContext - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.
graylog_1        | 2020-01-26 23:47:51,939 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog.plugins.auth.sso.SsoAuthRealm@1c85084d] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=192.168.208.1}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:51,939 DEBUG: org.apache.shiro.realm.AuthenticatingRealm - Looked up AuthenticationInfo [admin] from doGetAuthenticationInfo
graylog_1        | 2020-01-26 23:47:51,939 DEBUG: org.apache.shiro.realm.AuthenticatingRealm - AuthenticationInfo caching is disabled for info [admin].  Submitted token: [SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=192.168.208.1}].
graylog_1        | 2020-01-26 23:47:51,939 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.AccessTokenAuthenticator@28f7f5b2] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=192.168.208.1}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:51,939 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.LdapUserAuthenticator@4367066b] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=192.168.208.1}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:51,939 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.PasswordAuthenticator@7163c513] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=192.168.208.1}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:51,939 DEBUG: org.apache.shiro.authc.pam.ModularRealmAuthenticator - Realm [org.graylog2.security.realm.RootAccountRealm@45907c12] does not support token SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=192.168.208.1}.  Skipping realm.
graylog_1        | 2020-01-26 23:47:51,939 DEBUG: org.apache.shiro.authc.AbstractAuthenticator - Authentication successful for token [SessionIdToken{sessionId=d131a58a-f6f8-4845-acae-4371f4c28022, host=192.168.208.1}].  Returned account [admin]
graylog_1        | 2020-01-26 23:47:51,939 DEBUG: org.apache.shiro.subject.support.DefaultSubjectContext - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.
graylog_1        | 2020-01-26 23:47:51,939 DEBUG: org.apache.shiro.subject.support.DefaultSubjectContext - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.

So, I'd like to ask:

  1. Have I missed anything?
  2. Once I changed the log level, I see the "does not support token" debug message. Is it expected?

Thanks very much.

Environment
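
The post above lists "Request must come from a trusted proxy: unchecked" among its SSO settings. The following added example (not the plugin's code and not part of the original post) models what that setting changes: with the check off, the identity headers are honoured from any peer that can reach the server; with it on, only from the proxy's address. The class and function names, the sample addresses and the username are constructed for illustration, and treating the roles header as comma-separated is an assumption.

```python
"""Model of a header-based SSO decision with and without a trusted-proxy check.

Added illustration only: the names below are hypothetical and do not come
from graylog-plugin-auth-sso.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class SsoConfig:
    # Header names as configured in the issue; field names are hypothetical.
    username_header: str = "X-Authuser"
    roles_header: str = "X-Roles"
    require_trusted_proxy: bool = False
    # Constructed value: the address the authenticating nginx would connect from.
    trusted_proxies: list = field(default_factory=lambda: ["192.0.2.10/32"])


def header(headers, name):
    """Case-insensitive lookup; HTTP field names are case-insensitive."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value.strip() or None
    return None


def peer_is_trusted(peer_ip, cidrs):
    """True if the TCP peer address lies inside one of the trusted networks."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False  # unparseable peer address: fail closed
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


def sso_identity(cfg, peer_ip, headers):
    """Return (username, roles) if the identity headers are accepted, else None."""
    if cfg.require_trusted_proxy and not peer_is_trusted(peer_ip, cfg.trusted_proxies):
        return None  # identity headers from anything but the proxy are ignored
    user = header(headers, cfg.username_header)
    if user is None:
        return None  # no username header: fall through to the normal login
    # Assumption: several roles would arrive as a comma-separated list.
    raw_roles = header(headers, cfg.roles_header) or ""
    roles = [r.strip() for r in raw_roles.split(",") if r.strip()]
    return user, roles


def demo():
    """Run the same constructed request through both settings."""
    # Constructed sample headers, lower-cased as a browser add-on might send them.
    hdrs = {"x-authuser": "alice@example.test", "x-roles": "Reader"}
    direct_client = "198.51.100.7"   # constructed: reaches the server directly
    proxy = "192.0.2.10"             # constructed: the authenticating proxy
    unchecked = SsoConfig(require_trusted_proxy=False)
    checked = SsoConfig(require_trusted_proxy=True)
    return {
        "unchecked/direct": sso_identity(unchecked, direct_client, hdrs),
        "checked/direct": sso_identity(checked, direct_client, hdrs),
        "checked/proxy": sso_identity(checked, proxy, hdrs),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:18} -> {result}")
```

The trusted-proxy check only helps when the backend is also unreachable except through the proxy, or when the trusted list contains the proxy's address and nothing broader.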

skwokie commented 4 years ago

Hi,

I've just tried using a Chrome extension to inject the user and role headers, and it worked - the login page is skipped and then it showed the Streams page. So, it is the proxy-pass that is not working. I've also captured the header on the graylog server using tcpdump and the logs of both are as follows:

Using Chrome extension

GET / HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

HTTP/1.1 200 OK
Content-Encoding: gzip
X-UA-Compatible: IE=edge
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: text/html
Date: Mon, 27 Jan 2020 20:44:23 GMT
Transfer-Encoding: chunked

GET /config.js HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Accept: */*
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

HTTP/1.1 200 OK
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: application/javascript
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 127

GET /api/system/sessions HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 51

GET /api/ HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
X-Graylog-No-Session-Extension: true
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 452
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 232

GET /api/users/skwok@***.com HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

GET /api/system HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

HTTP/1.1 200 OK
Content-Encoding: gzip
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Transfer-Encoding: chunked

HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 1225
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 374

GET /api/system/locales HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

GET /api/streams HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

GET /api/views/fields HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

GET /api/views/functions HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

GET /api/system/cluster_config/org.graylog2.indexer.searches.SearchesClusterConfig HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

HTTP/1.1 200 OK
Content-Encoding: gzip
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 2890
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Transfer-Encoding: chunked

HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 265

HTTP/1.1 200 OK
Content-Encoding: gzip
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 2790
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Transfer-Encoding: chunked

HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 2

HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 3871
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 24

GET /api/system/notifications HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
X-Graylog-No-Session-Extension: true
X-Requested-By: XMLHttpRequest
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Content-Type: application/json
Accept: application/json
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 851
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 30

GET /api/streams HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 3557
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 24

GET /api/system/jvm HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 1312
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 403

GET /api/search/decorators/available HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

GET /api/search/decorators HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

GET /api/dashboards HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

GET /api/system/notifications HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
X-Graylog-No-Session-Extension: true
X-Requested-By: XMLHttpRequest
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Content-Type: application/json
Accept: application/json
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 1519
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 2

HTTP/1.1 200 OK
Content-Encoding: gzip
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 2321
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Transfer-Encoding: chunked

HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 1529
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 27

HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 659
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 30

GET /api/dashboards HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 1264
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 27

GET /api/system/gettingstarted HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 13

GET /api/users/skwok@***.com HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

HTTP/1.1 200 OK
Content-Encoding: gzip
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Transfer-Encoding: chunked

GET /api/system/gettingstarted HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 13

GET /api/dashboards HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/streams
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 1482
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 27

GET /api/system/indices/index_sets?stats=false HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/streams
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 2601
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 38

GET /api/ HTTP/1.1
Host: dev-graylog.***.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
X-Graylog-No-Session-Extension: true
Origin: http://dev-logs.***.com
Connection: keep-alive
Referer: http://dev-logs.***.com/

HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://dev-logs.***.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With, X-Requested-By
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Max-Age: 600
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 392
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 232

GET /api/streams HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/streams
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

GET /api/streams/null/rules/types HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Referer: http://dev-graylog.***.com/streams
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

HTTP/1.1 200 OK
Content-Encoding: gzip
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 1469
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Transfer-Encoding: chunked

HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 4034
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:23 GMT
Content-Length: 24

POST /api/cluster/metrics/multiple HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Content-Length: 100
X-Graylog-No-Session-Extension: true
X-Requested-By: XMLHttpRequest
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Content-Type: application/json
Accept: application/json
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Origin: http://dev-graylog.***.com
Referer: http://dev-graylog.***.com/streams
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://dev-graylog.***.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With, X-Requested-By
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Max-Age: 600
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 4363
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:26 GMT
Content-Length: 295

GET /api/system/notifications HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
X-Graylog-No-Session-Extension: true
X-Requested-By: XMLHttpRequest
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Content-Type: application/json
Accept: application/json
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Referer: http://dev-graylog.***.com/streams
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

HTTP/1.1 200 OK
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 809
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:27 GMT
Content-Length: 30

POST /api/cluster/metrics/multiple HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Content-Length: 100
X-Graylog-No-Session-Extension: true
X-Requested-By: XMLHttpRequest
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Content-Type: application/json
Accept: application/json
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Origin: http://dev-graylog.***.com
Referer: http://dev-graylog.***.com/streams
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader

HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://dev-graylog.***.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With, X-Requested-By
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Max-Age: 600
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 4549
Content-Type: application/json
Date: Mon, 27 Jan 2020 20:44:27 GMT
Content-Length: 295

GET /api/system/cluster/nodes HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
X-Graylog-No-Session-Extension: true
X-Requested-By: XMLHttpRequest
Authorization: Basic OTQ1NWJmMjMtOTM0OC00YWNjLWFiZjEtYTI5OTEzMWJjZTE2OnNlc3Npb24=
Content-Type: application/json
Accept: application/json
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Referer: http://dev-graylog.***.com/streams
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; OBTKSID=lhhqmo4ar19bcdjihmc0amjdb5
x-authuser: skwok@***.com
x-itspid: 00000001
x-roles: Reader
^C64 packets captured
64 packets received by filter
0 packets dropped by kernel

Using proxy-pass

GET /api/ HTTP/1.1
Host: dev-graylog.***.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate

X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
X-Graylog-No-Session-Extension: true
Origin: http://dev-logs.***.com
Connection: keep-alive
Referer: http://dev-logs.***.com/

HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://dev-logs.***.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With, X-Requested-By
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Max-Age: 600
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 406
Content-Type: application/json
Date: Mon, 27 Jan 2020 21:21:26 GMT
Content-Length: 232

GET / HTTP/1.0
Host: dev-graylog-private.***.com
Connection: close
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; _gat=1; OBTKSID=6btvqf0050rflighpj51dt2ve2
x-authuser: skwok@***.com
x-itspid: 29308
x-roles: Reader

HTTP/1.1 200 OK
X-UA-Compatible: IE=edge
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: text/html
Date: Mon, 27 Jan 2020 21:21:43 GMT
Connection: close
Content-Length: 1590

GET /config.js HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Accept: */*
Referer: http://dev-logs.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; _gat=1; OBTKSID=6btvqf0050rflighpj51dt2ve2

HTTP/1.1 200 OK
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: application/javascript
Date: Mon, 27 Jan 2020 21:21:43 GMT
Content-Length: 127
Host: dev-graylog.***.com
Connection: keep-alive
Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-requested-by,x-requested-with
Origin: http://dev-logs.***.com
Sec-Fetch-Mode: cors
Referer: http://dev-logs.***.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

HTTP/1.1 204 No Content
Access-Control-Allow-Origin: http://dev-logs.***.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With, X-Requested-By
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Max-Age: 600
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Date: Mon, 27 Jan 2020 21:21:43 GMT

GET /api/system/sessions HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic dW5kZWZpbmVkOnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Origin: http://dev-logs.***.com
Referer: http://dev-logs.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://dev-logs.***.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With, X-Requested-By
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Max-Age: 600
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: application/json
Date: Mon, 27 Jan 2020 21:21:43 GMT
Content-Length: 52
Host: dev-graylog.***.com
Connection: keep-alive
Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-graylog-no-session-extension,x-requested-by,x-requested-with
Origin: http://dev-logs.***.com
Sec-Fetch-Mode: cors
Referer: http://dev-logs.***.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

HTTP/1.1 204 No Content
Access-Control-Allow-Origin: http://dev-logs.***.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With, X-Requested-By
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Max-Age: 600
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Date: Mon, 27 Jan 2020 21:21:43 GMT

GET /api/ HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
X-Graylog-No-Session-Extension: true
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Origin: http://dev-logs.***.com
Referer: http://dev-logs.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://dev-logs.***.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With, X-Requested-By
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Max-Age: 600
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
X-Runtime-Microseconds: 411
Content-Type: application/json
Date: Mon, 27 Jan 2020 21:21:43 GMT
Content-Length: 232

GET /assets/4bb26941a7fc56acf1c1ac2afb35f58d.jpg HTTP/1.0
x-authuser: skwok@***.com
x-itspid: 29308
x-roles: Reader
test-psh: test
Host: dev-graylog-private.***.com
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://dev-logs.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; _gat=1; OBTKSID=6btvqf0050rflighpj51dt2ve2

HTTP/1.1 200 OK
ETag: "1a2230a18c3ad6cb43feb9005b2567ff8cf1ebf4a85692bf19d15e562b70f518"
Cache-Control: no-transform, max-age=31536000
Last-Modified: Tue, 14 Jan 2020 16:06:32 GMT
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: image/jpeg
Date: Mon, 27 Jan 2020 21:21:43 GMT
Connection: close
Transfer-Encoding: chunked

GET /assets/48aa7ad98beedc63d82925f45fd8e72c.woff2 HTTP/1.0
x-authuser: skwok@***.com
x-itspid: 29308
x-roles: Reader
test-psh: test
Host: dev-graylog-private.***.com
Connection: close
Origin: http://dev-logs.***.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Accept: */*
Referer: http://dev-logs.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; _gat=1; OBTKSID=6btvqf0050rflighpj51dt2ve2

GET /assets/af7ae505a9eed503f8b8e6982036873e.woff2 HTTP/1.0
x-authuser: skwok@***.com
x-itspid: 29308
x-roles: Reader
test-psh: test
Host: dev-graylog-private.***.com
Connection: close
Origin: http://dev-logs.***.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Accept: */*
Referer: http://dev-logs.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.275491200.1568329128; ajs_group_id=null; ajs_anonymous_id=%2231216b4f-3ea8-45b8-bada-2f13e7cf1588%22; _gid=GA1.2.713232533.1580076035; _gat=1; OBTKSID=6btvqf0050rflighpj51dt2ve2

HTTP/1.1 200 OK
ETag: "2c003703a07bac02b8e42b49562a2cdb95b9b68ef4bd669b6c9c7e9919f7dbe7"
Cache-Control: no-transform, max-age=31536000
Last-Modified: Tue, 14 Jan 2020 16:06:32 GMT
Access-Control-Allow-Origin: http://dev-logs.***.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With, X-Requested-By
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Max-Age: 600
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: application/octet-stream
Date: Mon, 27 Jan 2020 21:21:43 GMT
Connection: close
Transfer-Encoding: chunked

HTTP/1.1 200 OK
ETag: "2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe"
Cache-Control: no-transform, max-age=31536000
Last-Modified: Tue, 14 Jan 2020 16:06:32 GMT
Access-Control-Allow-Origin: http://dev-logs.***.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With, X-Requested-By
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Max-Age: 600
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: application/octet-stream
Date: Mon, 27 Jan 2020 21:21:43 GMT
Connection: close
Transfer-Encoding: chunked

GET /api/system/sessions HTTP/1.1
Host: dev-graylog.***.com
Connection: keep-alive
Authorization: Basic dW5kZWZpbmVkOnNlc3Npb24=
Accept: application/json
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Content-Type: application/json
Origin: http://dev-logs.***.com
Referer: http://dev-logs.***.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://dev-logs.***.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With, X-Requested-By
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Max-Age: 600
Cache-Control: no-cache
X-Graylog-Node-ID: 45980e59-f012-452c-a911-992b50b2cbf8
Content-Type: application/json
Date: Mon, 27 Jan 2020 21:21:43 GMT
Content-Length: 52

GET /api/ HTTP/1.1
Host: dev-graylog.***.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
X-Requested-By: XMLHttpRequest
X-Graylog-No-Session-Extension: true
Origin: http://dev-logs.***.com
Connection: keep-alive
Referer: http://dev-logs.***.com/

jalogisch commented 4 years ago

Hey @skwokie

As you can see, the SSO Plugin is working like it should. You have checked that with the Chrome extension yourself. It might be related to your nginx configuration. Please check the spelling and whether everything is lower/uppercase as it should be.

We are using GitHub issues for tracking bugs in Graylog itself, but this doesn't look like one. Please post this issue to our discussion forum or join the #graylog channel on freenode IRC.

Thank you!

skwokie commented 4 years ago

Thanks, @jalogisch. I've resolved the issue after referencing https://docs.graylog.org/en/3.1/pages/configuration/web_interface.html#nginx and adding the mentioned headers.
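
A quick way to check a capture like the one above for requests that reach Graylog without the trusted username header: in that capture the `/assets/` requests carry `x-authuser`, while the `/api/` requests to `dev-graylog.***.com` do not. This is an added example, not part of the original thread or the plugin's code; the sample capture and its `example.test` hosts are constructed, the function names are hypothetical, and the input is assumed to be header-only text with blank lines between messages.

```python
# Constructed sample modelled on the capture in this issue (hosts are placeholders).
SAMPLE_CAPTURE = """\
GET /assets/example.woff2 HTTP/1.0
x-authuser: user@example.test
x-roles: Reader
Host: graylog-private.example.test
Connection: close

HTTP/1.1 200 OK
Content-Type: application/octet-stream

GET /api/system/sessions HTTP/1.1
Host: graylog.example.test
Authorization: Basic <redacted>
Accept: application/json

HTTP/1.1 200 OK
Content-Type: application/json
"""

METHODS = ("GET", "POST", "PUT", "DELETE", "OPTIONS", "HEAD", "PATCH")


def parse_requests(capture):
    """Split header-only capture text into request dicts; responses are skipped."""
    requests = []
    for block in capture.replace("\r\n", "\n").split("\n\n"):
        lines = [ln for ln in block.strip().split("\n") if ln.strip()]
        if not lines:
            continue
        parts = lines[0].split()
        if len(parts) != 3 or parts[0] not in METHODS:
            continue  # status line or stray text, not a request line
        headers = {}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep:
                headers[name.strip().lower()] = value.strip()
        requests.append({"method": parts[0], "path": parts[1], "headers": headers})
    return requests


def missing_sso_header(capture, username_header="X-Authuser"):
    """Return (host, path) for every request without a non-empty username header."""
    wanted = username_header.lower()  # HTTP header names are case-insensitive
    return [(r["headers"].get("host", "?"), r["path"])
            for r in parse_requests(capture)
            if not r["headers"].get(wanted)]
```

Any `/api/` path in the result means the browser is calling the API on a route where the proxy never sets the header, so the plugin has nothing to authenticate with on those requests.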