Integrate with Google Apps login (OpenID)

[dmelamedcl]

We are currently using Google as our domain email and would like to take benefit of the OpenID authentication to login into Graylog2. Is openID plugin part of the roadmap?

[lennartkoopmann]

Not scheduled but definitely something to think about! :+1:

[dougrad]

+1

[edmundoa]

I don't think it's even possible to use Google Apps login without making Graylog accessible from the outside of your network (as far as I know Google needs a callback URL to complete the authentication). I think that would be a problem for most users.

[Benoss]

What you have to define is the redirect IP or domain authorized but Google is not calling the callback it is just doing a 301 to the redirect URL. You do not need to expose this ip/url outside of your network. We use Google Auth for Jenkins with an internal network ip without any issue

[gtaylor]

We use Google Auth for Jenkins as well. Would definitely be awesome to have this ability in graylog.

[abecciu]

+1 on this! It's terrible to have to manage user access manually. Having Google Auth would solve this problem for us.

[felipegs]

+1

[wilsonfan]

+1

[stupied4ever]

+1

[gravitybacklight]

+1

[Parveen-zopper]

+

[guusvw]

+1

[nightlyone]

+1

[djschilling]

+1

[bassrock]

:+1:

[ryan-lane]

It's possible to run google login (or any oauth2) when the system isn't accessible on the internet. The flow doesn't require a callback to the server. The server simply needs to be able to reach out to the oauth2 provider (or you can have the flow completely flow through the client).

[toddlers]

+1

[mlade77]

+1

[gtaylor]

Just a reminder that you can click on the new "reaction" feature instead of leaving all of these +1 comments. Quite a few of us are subscribed to this issue, so it results in a lot of needless emails.

[mjmbischoff]

please make this configurable so you can use any openid connect provider

[Ignitor]

will this be planned for any milestone?

[joschi]

@Ignitor We implemented pluggable authentication mechanisms in Graylog 2.1.0, so support for authentication via Google could be written as a plugin.

This being said, there are no concrete plans to write such a plugin from our side, but if you feel lucky, you can give it a shot.

[jjegg]

Is this feature possible? Looking to implement this for my organisation.

[joschi]

@jjegg Sure, you could implement this with a plugin.

[jjegg]

@joschi could you point me to an online resource so I can learn more about how I would create this plugin and integrate this?

[joschi]

@jjegg http://docs.graylog.org/en/2.1/pages/plugins.html

We are using GitHub issues for tracking bugs in Graylog itself, but this doesn't look like one. Please post this issue to our public mailing list or join the #graylog channel on freenode IRC.

Thank you!

[capo42]

+1

[lennartkoopmann]

This is currently not on the roadmap, and for that reason closed. Note that you can write own authentication providers as a plugin to support Google Apps logins.