Chronograf OAuth not re-autenticating user

chronograf

#1

Hi,

I managed to setup both GitHub and Google OAuth login.

However, the login page does not re-authenticate (key in username/password again) the user even though I log off or close entire browser. If i manually clear the browser cache, then i will get re-authenticated.

I have configured --auth-duration=0 in chronograf.service and also restarted.

Any idea guys?


#2

Hi there,

This is difficult to answer without knowing more information/context.
Have you tried testing the --auth-duration with various other times? Maybe, try 1m or 1h? If it is not working for any time interval, that presents a different problem.

Another option is to store the auth-duration as an environment variable ($AUTH_DURATION) instead and see if that makes any difference.


#3
  1. Hi, tried it does not work for --auth-duration=1m or 0

[Service]
User=chronograf
Group=chronograf
EnvironmentFile=-/etc/default/chronograf
ExecStart=/usr/bin/chronograf --host 0.0.0.0 --port 8888 -b /var/lib/chronograf/chronograf-v1.db -c /usr/share/chronograf/canned --auth-duration=1m --google-client-id xxxxxxxx …
KillMode=control-group
Restart=on-failure

[Install]
WantedBy=multi-user.target

  1. My environment configuration file is empty. Can you guide me how to use ($AUTH_DURATION)

  2. I also noticed that even though i deleted a user account using another admin account. If i log in via OAuth for the user account, I am able to log in. And the ‘deleted’ user account will reappear in the User configuration.

  3. How can i make the Dashboard as the default page after login ?

Thanks so much


#4

Hi any help?

I need user to relogin after logging out or browser closed.


#5

Hi,

In terms of setting up the AUTH_DURATION environment variable, try taking a look at the documentation here: https://docs.influxdata.com/chronograf/v1.4/administration/managing-security

You can see a section on Configuring Authentication Duration as an environment variable. If that still doesn’t work, then there could perhaps be a bug, and we would need to file an issue on that.

I will have to do more research on your second and third questions, and will get back to you.