Hi!

Graylog2 0.20 web interface currently only supports authenticating via username/password and after that relies on its own session cookie to authenticate against the graylog2 servers. To support client certificates we would need to add that as an authentication mechanism. In fact we have received one or two questions about allowing certificates to be used for authentication, but so far this has been low priority, to be honest.
For this to work sensibly and securely, we would need to support some kind of certificate management for all the connections between the user, web interface process and graylog2 server (as well as mongodb which stores the user's data and session information). That was well beyond the scope of this release, so we decided to not support it for now.

If you need this feature, could you please file an issue over at github: https://github.com/Graylog2/graylog2-web-interface/issues?milestone=&state=open ?

BTW, it wouldn't be as easy as in the 0.1x versions, because starting in 0.20 the server authenticates all requests, too, and it has no knowledge about the first proxy server.

Thanks,
Kay

On Wednesday, January 22, 2014 10:47:33 AM UTC+1, Егор Морозов wrote:
>
> Hello everyone!
>
> We've been using Graylog2 0.1x for a long time, it was simple enough to
> patch it and make it use the SSL_CLIENT_S_DN_CN Apache env variable. As now it's
> powered using a binary, this is much more painful to do the same so I
> wonder if it's somehow possible to make it use any of the variables passed
> by a proxy (nginx/Apache) to authenticate the user.
>
> An alternative approach that I can see is to generate the cookie using a perl
> or php script, but as I have no experience with Java, I can't really
> understand how to generate the same cookie (like graylog2-web does). Could
> someone describe this?
>
> Thanks!
>