diff --git a/x-pack/plugins/security/server/routes/authentication/common.test.ts b/x-pack/plugins/security/server/routes/authentication/common.test.ts index 46a9bb729d76b..d5e04f7614999 100644 --- a/x-pack/plugins/security/server/routes/authentication/common.test.ts +++ b/x-pack/plugins/security/server/routes/authentication/common.test.ts @@ -66,6 +66,7 @@ describe('Common authentication routes', () => { it('correctly defines route.', async () => { expect(routeConfig.options).toEqual({ + access: 'public', authRequired: false, tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW], }); diff --git a/x-pack/plugins/security/server/routes/authentication/common.ts b/x-pack/plugins/security/server/routes/authentication/common.ts index 696c3f625425d..4eeeed2998098 100644 --- a/x-pack/plugins/security/server/routes/authentication/common.ts +++ b/x-pack/plugins/security/server/routes/authentication/common.ts @@ -41,7 +41,11 @@ export function defineCommonRoutes({ // Allow unknown query parameters as this endpoint can be hit by the 3rd-party with any // set of query string parameters (e.g. SAML/OIDC logout request/response parameters). validate: { query: schema.object({}, { unknowns: 'allow' }) }, - options: { authRequired: false, tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW] }, + options: { + access: 'public', + authRequired: false, + tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW], + }, }, async (context, request, response) => { const serverBasePath = basePath.serverBasePath; diff --git a/x-pack/plugins/security/server/routes/authentication/saml.test.ts b/x-pack/plugins/security/server/routes/authentication/saml.test.ts index a3fb47afb0ae8..30b9bb5160b2b 100644 --- a/x-pack/plugins/security/server/routes/authentication/saml.test.ts +++ b/x-pack/plugins/security/server/routes/authentication/saml.test.ts @@ -54,6 +54,7 @@ describe('SAML authentication routes', () => { it('correctly defines route.', () => { expect(routeConfig.options).toEqual({ + access: 'public', authRequired: false, xsrfRequired: false, tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW], diff --git a/x-pack/plugins/security/server/routes/authentication/saml.ts b/x-pack/plugins/security/server/routes/authentication/saml.ts index c1fa0cfc8e4ef..350f3527f3310 100644 --- a/x-pack/plugins/security/server/routes/authentication/saml.ts +++ b/x-pack/plugins/security/server/routes/authentication/saml.ts @@ -32,6 +32,7 @@ export function defineSAMLRoutes({ ), }, options: { + access: 'public', authRequired: false, xsrfRequired: false, tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW], diff --git a/x-pack/test_serverless/api_integration/services/svl_common_api.ts b/x-pack/test_serverless/api_integration/services/svl_common_api.ts index a68edd70d00ac..15b4f15f851fe 100644 --- a/x-pack/test_serverless/api_integration/services/svl_common_api.ts +++ b/x-pack/test_serverless/api_integration/services/svl_common_api.ts @@ -13,12 +13,21 @@ const COMMON_REQUEST_HEADERS = { 'kbn-xsrf': 'some-xsrf-token', }; +const INTERNAL_REQUEST_HEADERS = { + ...COMMON_REQUEST_HEADERS, + 'x-elastic-internal-origin': 'kibana', +}; + export function SvlCommonApiServiceProvider({}: FtrProviderContext) { return { getCommonRequestHeader() { return COMMON_REQUEST_HEADERS; }, + getInternalRequestHeader() { + return INTERNAL_REQUEST_HEADERS; + }, + assertResponseStatusCode(expectedStatus: number, actualStatus: number, responseBody: object) { expect(actualStatus).to.eql( expectedStatus, diff --git a/x-pack/test_serverless/api_integration/test_suites/common/spaces.ts b/x-pack/test_serverless/api_integration/test_suites/common/spaces.ts index 3184423411e47..fcb3dfe84fd17 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/spaces.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/spaces.ts @@ -16,7 +16,7 @@ export default function ({ getService }: FtrProviderContext) { it('rejects request to create a space', async () => { const { body, status } = await supertest .post('/api/spaces/space') - .set(svlCommonApi.getCommonRequestHeader()) + .set(svlCommonApi.getInternalRequestHeader()) .send({ id: 'custom', name: 'Custom', @@ -36,7 +36,7 @@ export default function ({ getService }: FtrProviderContext) { it('rejects request to update a space with disabledFeatures', async () => { const { body, status } = await supertest .put('/api/spaces/space/default') - .set(svlCommonApi.getCommonRequestHeader()) + .set(svlCommonApi.getInternalRequestHeader()) .send({ id: 'custom', name: 'Custom',