Handle RelayState in preparing a SAMLAuthN Request #46534
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This change allows for the caller of the `saml/prepare` API to pass a `relay_state` parameter that will then be part of the redirect URL in the response as the `RelayState` query parameter. The SAML IdP is required to reflect back the value of that relay state when sending a SAML Response. The caller of the APIs can then, when receiving the SAML Response, read and consume the value as it see fit.
jkakavas
added
>non-issue
:Security/Authentication
|
Pinging @elastic/es-security |
|
At first glance this looks fine, but let's wait and see how Kibana wants to deal with the length limit on |
|
I agree to wait for Kibana but I think the possibility for the caller of the API to set the relaystate we send with the authentication request is useful to have ( Since we do already handle the possibility of a relay state parameter internally ) even if kibana doesn't use this now for passing the target url |
|
@elasticmachine update branch |
tvernum
approved these changes
Sep 25, 2019
| @@ -67,5 +83,8 @@ public void writeTo(StreamOutput out) throws IOException { | |||
| super.writeTo(out); | |||
| out.writeOptionalString(realmName); | |||
| out.writeOptionalString(assertionConsumerServiceURL); | |||
| if (out.getVersion().onOrAfter(Version.V_7_5_0)){ | |||
There was a problem hiding this comment.
Suggested change
| if (out.getVersion().onOrAfter(Version.V_7_5_0)){ | |
| if (out.getVersion().onOrAfter(Version.V_7_5_0)) { |
jkakavas
force-pushed
the
handle-relaystate
branch
from
1b7a519 to
7390dcb
Compare
jkakavas
added a commit
to jkakavas/elasticsearch
that referenced
this pull request
Sep 25, 2019
This change allows for the caller of the `saml/prepare` API to pass a `relay_state` parameter that will then be part of the redirect URL in the response as the `RelayState` query parameter. The SAML IdP is required to reflect back the value of that relay state when sending a SAML Response. The caller of the APIs can then, when receiving the SAML Response, read and consume the value as it see fit.
jkakavas
added a commit
that referenced
this pull request
Sep 25, 2019
This change allows for the caller of the `saml/prepare` API to pass a `relay_state` parameter that will then be part of the redirect URL in the response as the `RelayState` query parameter. The SAML IdP is required to reflect back the value of that relay state when sending a SAML Response. The caller of the APIs can then, when receiving the SAML Response, read and consume the value as it see fit.
jkakavas
added a commit
to jkakavas/elasticsearch
that referenced
this pull request
Sep 25, 2019
Re-enable BWC tests now that elastic#46534 has been backported to 7.x
Merged
jkakavas
added a commit
to jkakavas/elasticsearch
that referenced
this pull request
Sep 25, 2019
Re-enable BWC tests now that elastic#46534 has been backported to 7.x
Merged
jkakavas
added a commit
that referenced
this pull request
Sep 25, 2019
Re-enable BWC tests now that #46534 has been backported to 7.x
jkakavas
added a commit
that referenced
this pull request
Sep 25, 2019
Re-enable BWC tests now that #46534 has been backported to 7.x
jkakavas
added a commit
to jkakavas/elasticsearch
that referenced
this pull request
Aug 26, 2021
Support for RelayState was introduced in elastic#46534 but the docs were not updated at the time.
jkakavas
added a commit
that referenced
this pull request
Oct 20, 2021
Support for RelayState was introduced in #46534 but the docs were not updated at the time.
jkakavas
added a commit
to jkakavas/elasticsearch
that referenced
this pull request
Oct 20, 2021
Support for RelayState was introduced in elastic#46534 but the docs were not updated at the time.
elasticsearchmachine
pushed a commit
that referenced
this pull request
Oct 20, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This change allows for the caller of the
saml/prepareAPI to passa
relay_stateparameter that will then be part of the redirectURL in the response as the
RelayStatequery parameter.The SAML IdP is required to reflect back the value of that relay
state when sending a SAML Response. The caller of the APIs can
then, when receiving the SAML Response, read and consume the value
as it see fit.
Resolves: #46232