Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Default Route not applying with SAML #2081

Open
kclinden opened this issue Aug 1, 2024 · 5 comments
Open

[BUG] Default Route not applying with SAML #2081

kclinden opened this issue Aug 1, 2024 · 5 comments
Labels
bug Something isn't working triaged

Comments

@kclinden
Copy link

kclinden commented Aug 1, 2024
edited
Loading

I have OpenSearch Dashboards configured to go to /app/wazuh which works with Internal User logins, but when using SAML users are directed to /app/home

SAML Users not directed to default route

To Reproduce
Steps to reproduce the behavior:

  1. Configure Default Route
  2. Configure SAML
  3. Login to OS Dashboards

Expected behavior
All users are redirected to the default route.

OpenSearch Version
Version: 2.8.0, Build: rpm/db90a415ff2fd428b4f7b3f800a51dc229287cb4/2023-06-03T06:24:25.112415503Z, JVM: 17.0.7

Dashboards Version
OpenSearch Dashboards 2.8.0 - Revision 02

Plugins
n/a

Host/Environment (please complete the following information):

NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
SUPPORT_END="2025-06-30"

Configuration

uiSettings.overrides.defaultRoute: "/app/wazuh"
opensearch_security.auth.type: ["basicauth","saml"]
opensearch_security.auth.multiple_auth_enabled: true
server.xsrf.allowlist: ["/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/logout", "/_opendistro/_security/saml/acs/idpinitiated"]

Google Chrome Dev Tools:
Request Headers

:authority: <url>
:method: POST
:path: /_opendistro/_security/saml/acs/idpinitiated

Response Headers

location: /app/opensearch-dashboards
@kclinden kclinden added bug Something isn't working untriaged labels Aug 1, 2024
@ruanyl
Copy link
Member

ruanyl commented Aug 2, 2024
edited
Loading

This might relate to the behaviour of security-dashboards-plugin https://github.com/opensearch-project/security-dashboards-plugin/blob/main/server/auth/types/saml/saml_auth.ts#L64

@kclinden
Copy link
Author

kclinden commented Aug 2, 2024

This might relate to the behaviour of security-dashboards-plugin https://github.com/opensearch-project/security-dashboards-plugin/blob/main/server/auth/types/saml/saml_auth.ts#L64

That looks to be exactly the issue.

@kavilla
Copy link
Member

kavilla commented Aug 6, 2024

@opensearch-project/admin can we redirect this to security dashboards plugin repo?

@gaiksaya gaiksaya transferred this issue from opensearch-project/OpenSearch-Dashboards Aug 6, 2024
@stephen-crawford
Copy link
Contributor

[Triage] Hi @kclinden, thank you for filing this issue. It looks like this issue is similar to some previous work done supporting OIDC: #1899. I will go ahead and mark this as triaged and encourage you to replicate the change I linked for SAML to see the fastest support of this use case.

@kclinden kclinden mentioned this issue Aug 12, 2024
Open
@kclinden
Copy link
Author

There are a lot of changes there and since Wazuh manages the configuration I am going to create a ticket in their project for now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ruanyl @kclinden @kavilla @stephen-crawford