I can’t remove Connection from the callback, as it is required for additional checks, such as whether the user is in the organization, which need a live connection to get additional information like the user’s manager information. I need that for my application.
As a quick workaround, I clear the password from the Connection object after the connection bind, like below, and I have uploaded ver 0.2.3 to PyPI.
Thank you again Nathan for the fast response!
That works for now. I am still concerned that this vulnerability is in a widely used library and nobody is concerned.
First off thanks for this great component, it worked on my first try so I knew it was going to be a winner.
Everything is working great except for one thing, it is not storing the jwt token in my browser and I confirmed w/ dev tools. When I comment out auth and just invoke CookieController and use your CookieController sample code, it sets and removes cookies fine.
I downloaded the component code and stepped through the .py code with vscode debugger and this line from cookie_controller.py “_cookie_controller(method='set', name=name, value=value, options=options)” works when calling CookieController directly. The same line fails when called through Ldap Auth. I didn’t see any errors.
I believe it is due to the latency between server and client being long. I think there wasn’t enough time to save the browser cookie before Streamlit reran the page when the login was successful. In ver 0.2.4, a 0.1 sec delay after setting the cookie was hard-coded in the package. Hence I updated to ver 0.2.5 to be able to configure delay_sec in Cookie_config.
You can try updating to ver 0.2.5 and then increasing delay_sec in Cookie_Config when initializing the authenticate object.
You can add delay_sec in the auth_cookie section of the Streamlit secrets.toml file
[auth_cookie]
name = "login_cookie"
key = "{any password for encryption}"
expiry_days = 1
auto_renewal = true
delay_sec = 0.5
Then you can add the cookie config when the authenticate object is created
Hi Nathan, it still doesn’t work for me. I’m monitoring with Developer tools and the cookie never gets written, regardless of the delay. I’m trying in Chrome and Edge.
Nathan…also when I examine values of cookie_configs within the __setCookie function, the values for expiry_days and delay_sec are always the 1 and .1 defaults, never what I have in the .toml file. The other values are fine.
Nathan, the expiry_days and delay_sec values are now passing correctly, however the JWT cookie is still not being written to the browser so reauth still doesn’t work. Let me know if you want me to try different versions of things or see a pip freeze. I’m using Windows w/ Python 3.12.3 and Rocky Linux 3.12.1 with the latest streamlit-ldap-authenticator.
Nathan! Good news, I think I found the issue! One of the LDAP attributes I need is memberOf and I have a very long list of group memberships. I think the JWT token was too big so somewhere the SET was failing (without an error). Is it possible to take a list of “valid” CNs and strip them from memberOf before storing the cookie? Bottom line is I want to control access via AD Global Groups. Thanks!
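One way to do the trimming asked about above, as an added example that is not part of the thread and not streamlit-ldap-authenticator's own code: reduce memberOf to an allowlist of CNs and check the resulting JWT against the common 4096-byte per-cookie limit before it is set. The function names, the sample user, the allowlist and the key are all constructed for illustration; only the cookie name login_cookie comes from the config shown earlier.

```python
import base64, hashlib, hmac, json, re

COOKIE_LIMIT = 4096  # common per-cookie size limit in browsers (bytes)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def encode_jwt(payload: dict, key: str) -> str:
    """Minimal HS256 JWT (stdlib only), used here to measure the cookie value."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(payload).encode())
    sig = hmac.new(key.encode(), f"{header}.{body}".encode(), hashlib.sha256)
    return f"{header}.{body}.{_b64(sig.digest())}"

def group_cn(dn: str) -> str:
    """Leading CN of a group DN; an escaped comma inside the CN is kept."""
    m = re.match(r"\s*CN=((?:\\.|[^,])+)", dn, re.IGNORECASE)
    return m.group(1).strip() if m else ""

def trim_member_of(user: dict, allowed_cns: set) -> dict:
    """Copy of user whose memberOf holds only allowlisted CNs (case-insensitive)."""
    allowed = {cn.lower() for cn in allowed_cns}
    cns = {group_cn(dn) for dn in user.get("memberOf", [])}
    return {**user, "memberOf": sorted(cn for cn in cns if cn.lower() in allowed)}

def fits_in_cookie(name: str, token: str) -> bool:
    """True if name=value stays under the limit (cookie attributes not counted)."""
    return len(name) + 1 + len(token) <= COOKIE_LIMIT

# Constructed sample: an AD user with 120 unrelated groups plus two app groups.
SAMPLE_USER = {
    "sAMAccountName": "jdoe",
    "memberOf": [f"CN=Group-{i:03d},OU=Groups,DC=example,DC=com" for i in range(120)]
    + ["CN=App-Users,OU=Groups,DC=example,DC=com",
       "CN=App-Admins,OU=Groups,DC=example,DC=com"],
}
ALLOWED = {"App-Users", "App-Admins", "App-Auditors"}  # hypothetical allowlist
KEY = "constructed-demo-key"  # placeholder, not a real secret

if __name__ == "__main__":
    trimmed = trim_member_of(SAMPLE_USER, ALLOWED)
    for label, user in (("full", SAMPLE_USER), ("trimmed", trimmed)):
        token = encode_jwt(user, KEY)
        print(label, len(token), "bytes, fits:", fits_in_cookie("login_cookie", token))
```

Running the size check before the cookie is set turns the silent failure into something that can be logged or raised.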
Is there a way to set up a page redirect/switch after a successful login? As an added layer, if it’s possible to store the redirect page as a value in the Active Directory, is there a way to grab that and then redirect the user after a successful login?
Hi Nathan, I tried to enable the cookie, but the result is shown below. Do I need another setting or action? When I disable cookie_auth, no error is found, but I need the cookie.
I don’t seem to get how to add a bind user, which needs to be set up for binding (making searches on LDAP) before you can log in with a normal user. Is this possible with this component?