search

Graylog2 / graylog2-server

Free and open log management
https://www.graylog.org
Other
7.38k stars 1.06k forks source link

When creating a user, the time zone setting is not being persisted (Okta) #19005

Open linuspahl opened 6 months ago

linuspahl commented 6 months ago

Description

When you create a user /system/users/new and select a time zone like New York, it is not being persisted after creating the user. Instead the user has the time zone UTC. This happened to me on a system which implements Okta. It does not seem to occur on a system which uses no authentication provider. When setting a time zone while editing the user, it is being persisted.

Your Environment

patrickmann commented 5 months ago

@linuspahl Did you happen to test on Cloud as well?

Looks like we are not passing the timezone attribute to Okta. Based on a quick scan of the code, I doubt that this is a regression from 5.2. I think we never added timezone support for Okta.

I believe Okta in Cloud is the only scenario for which we sync bi-directionally (since the Okta instance is maintained by GL and not accessible to customers). In all other cases we only import from the IDP, but do not sync back local changes.

linuspahl commented 5 months ago

@patrickmann If I remember it correctly I only tested it on a cloud instance.

patrickmann commented 5 months ago

Okta user creation takes a different code path from all other auth backends. It uses UserDetails to persist the information - and that class does not include timezone. So this is not a regression, but rather a new feature request. Though you could argue it should have been there all along: It's inconsistent and limiting that Okta users are forced to be UTC.

On a side note: We have never provided sync of timezone from or to Okta. This would be a new capability. In 2020 we had an incomplete Okta implementation which stored timezone locally; but that got lost when we completed the Okta synching code.