-
Notifications
You must be signed in to change notification settings - Fork 918
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG][2.11] Home fails to load if OS Security plugin installed and OSD Security plugin _not_ installed #5562
Comments
Full error on OSD Server log :
|
@pjfitzgibbons This is as intended unless you disable security or run in SSL only mode. Saved objects are stored in a See demo config in the developer guide for security-dashboards-plugin for setting up the security-dashboards-plugin here. |
OSD config/opensearch_dashboards.yml was :
even with this config, if you want to replicate this error, verify the config is working with OS/OSD security plugins installed, then remove the OSD security plugin. |
Also this change in OS Security plugin 2.11 may have effected this This behavour may indeed be "as intended". My fear is that this change is "new" for 2.11, is a significant behavioral change for Opensearch 2.11, and the community has not been widely informed of the change. |
@pjfitzgibbons I figured out what fixes the issue, but not sure I quite fully understand yet why the browser isn't challenging to the basic auth creds. The difference between 2.11.0 and 2.10.0 is that the body of challenge response contained Line where the challenge response is created in 2.11.0 (note the empty string param at the end): https://github.com/opensearch-project/security/blob/2.11/src/main/java/org/opensearch/security/http/HTTPBasicAuthenticator.java#L68-L73 Same line in 2.10.0: https://github.com/opensearch-project/security/blob/2.10/src/main/java/org/opensearch/security/http/HTTPBasicAuthenticator.java#L69 The challenge works when going to OpenSearch directly. Its only an issue with OSD. Looks like hapi is having issues with the empty body:
|
Describe the bug
A clear and concise description of what the bug is.
When OS Security plugin is installed, and OSD Security plugin is not installed,
OSD homepage (and any page) fails to load
Browser displays :
{"statusCode":401,"error":"Unauthorized","message":"Response Error"}
OSD Server log includes :
(full error in comment below)
To Reproduce
Steps to reproduce the behavior:
yarn start
Expected behavior
Homepage and any page should load without error
OpenSearch Version
OS 2.11
Dashboards Version
OSD 2.11
Plugins
Please list all plugins currently enabled.
Screenshots
If applicable, add screenshots to help explain your problem.
Host/Environment (please complete the following information):
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: