graylog2-web-interface Integrate with Google Apps login (OpenID)

We are currently using Google as our domain email and would like to take benefit of the OpenID authentication to login into Graylog2. Is openID plugin part of the roadmap?

Mar 22 '14 21:03 dmelamedcl

Not scheduled but definitely something to think about! :+1:

Apr 01 '14 11:04 lennartkoopmann

+1

Nov 17 '14 16:11 dougrad

I don't think it's even possible to use Google Apps login without making Graylog accessible from the outside of your network (as far as I know Google needs a callback URL to complete the authentication). I think that would be a problem for most users.

Mar 02 '15 16:03 edmundoa

What you have to define is the redirect IP or domain authorized but Google is not calling the callback it is just doing a 301 to the redirect URL. You do not need to expose this ip/url outside of your network. We use Google Auth for Jenkins with an internal network ip without any issue

Mar 15 '15 22:03 Benoss

We use Google Auth for Jenkins as well. Would definitely be awesome to have this ability in graylog.

Jun 12 '15 21:06 gtaylor

+1 on this! It's terrible to have to manage user access manually. Having Google Auth would solve this problem for us.

Jun 23 '15 14:06 abecciu

+1

Oct 07 '15 13:10 felipegs

+1

Oct 08 '15 01:10 wilsonfan

+1

Oct 08 '15 14:10 stupied4ever

+1

Nov 03 '15 10:11 gravitybacklight

Dec 01 '15 19:12 Parveen-zopper

+1

Jan 31 '16 23:01 guusvw

+1

Feb 03 '16 14:02 nightlyone

+1

Feb 05 '16 16:02 djschilling

:+1:

Feb 11 '16 03:02 bassrock

It's possible to run google login (or any oauth2) when the system isn't accessible on the internet. The flow doesn't require a callback to the server. The server simply needs to be able to reach out to the oauth2 provider (or you can have the flow completely flow through the client).

Feb 24 '16 23:02 ryan-lane

+1

Mar 17 '16 18:03 toddlers

+1

Mar 28 '16 11:03 mlade77

Just a reminder that you can click on the new "reaction" feature instead of leaving all of these +1 comments. Quite a few of us are subscribed to this issue, so it results in a lot of needless emails.

Mar 31 '16 16:03 gtaylor

please make this configurable so you can use any openid connect provider

Jul 13 '16 21:07 mjmbischoff

will this be planned for any milestone?

Sep 06 '16 12:09 Ignitor

@Ignitor We implemented pluggable authentication mechanisms in Graylog 2.1.0, so support for authentication via Google could be written as a plugin.

This being said, there are no concrete plans to write such a plugin from our side, but if you feel lucky, you can give it a shot.

Sep 06 '16 12:09 joschi

Is this feature possible? Looking to implement this for my organisation.

Dec 19 '16 11:12 jjegg

@jjegg Sure, you could implement this with a plugin.

Dec 19 '16 12:12 joschi

@joschi could you point me to an online resource so I can learn more about how I would create this plugin and integrate this?

Dec 19 '16 12:12 jjegg

@jjegg http://docs.graylog.org/en/2.1/pages/plugins.html

We are using GitHub issues for tracking bugs in Graylog itself, but this doesn't look like one. Please post this issue to our public mailing list or join the #graylog channel on freenode IRC.

Thank you!

Dec 19 '16 12:12 joschi

+1

Apr 07 '17 12:04 capo42

This is currently not on the roadmap, and for that reason closed. Note that you can write own authentication providers as a plugin to support Google Apps logins.

Apr 07 '17 15:04 lennartkoopmann