This repository was archived by the owner on May 27, 2024. It is now read-only.

Once a Graylog session exists, the user name is not checked on subsequent requests if SSO user name has changed #35

@ahus1

Problem description

Steps to reproduce

Experienced Behavior

  1. Log in to Graylog using SSO
  2. Log out of SSO provider and log in with a different user
  3. Open Graylog URL -> the session of the old user is still active
  4. Manual Logout of the old user -> a new session for the new user is created.

Expected Behavior

  1. Log in to Graylog using SSO
  2. Log out of SSO provider and log in with a different user
  3. Open Graylog URL -> the previous session should be terminated automatically as the new user name in the HTTP header doesn't match the session's old user name.
  4. A new session should be created automatically for the new user.

Environment

  • Graylog Version: 2.4.3
  • Plugin Version: 2.4.2 with PR Add sync user roles by http header #25 merged
  • Elasticsearch Version: not relevant
  • MongoDB Version: not relevant
  • Operating System: not relevant
  • Browser version: not relevant
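
The expected behavior in the report comes down to re-checking the SSO header against the session's owner on every request, not only when the session is created. A language-neutral sketch in Python, added here as an example and not the plugin's code; the header name `Remote-User`, `SessionStore`, `resolve_session` and the user names are assumptions made for illustration.

```python
import secrets

# Assumption: header set by the trusted SSO proxy; the name is a placeholder.
SSO_HEADER = "Remote-User"


class SessionStore:
    """In-memory session table: session id -> user the session was created for."""

    def __init__(self):
        self._owners = {}

    def create(self, username):
        sid = secrets.token_urlsafe(32)
        self._owners[sid] = username
        return sid

    def owner(self, sid):
        return self._owners.get(sid)

    def destroy(self, sid):
        self._owners.pop(sid, None)


def resolve_session(store, headers, sid):
    """Return (session id, user, action) for one request carrying cookie `sid`."""
    header_user = (headers.get(SSO_HEADER) or "").strip()
    owner = store.owner(sid) if sid else None
    if not header_user:
        # No SSO identity on this request: outside the case in the issue,
        # so the session (if any) is passed through untouched.
        return (sid if owner else None), owner, "no-header"
    if owner == header_user:
        return sid, owner, "reused"
    # Header names a different user (or there is no live session): never
    # serve the old user's session; drop it and issue a fresh one.
    action = "replaced" if owner is not None else "created"
    store.destroy(sid)
    return store.create(header_user), header_user, action


def replay_issue_steps(first="alice", second="bob"):
    """Constructed user names; mirrors steps 1-3 of the report."""
    store = SessionStore()
    sid1, _, a1 = resolve_session(store, {SSO_HEADER: first}, None)
    sid2, user2, a2 = resolve_session(store, {SSO_HEADER: second}, sid1)
    old_still_valid = store.owner(sid1) is not None
    return a1, a2, user2, sid1 != sid2, old_still_valid
```

The comparison is an exact string match; whether user names should be normalised (case, domain suffix) before comparing depends on what the SSO proxy sends.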
