Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] SAML endpoint still using _opendistro instead of _plugins #842

Closed
spicycanary91 opened this issue Oct 5, 2021 · 2 comments
Closed

[BUG] SAML endpoint still using _opendistro instead of _plugins #842

spicycanary91 opened this issue Oct 5, 2021 · 2 comments
Labels
bug Something isn't working

Comments

@spicycanary91
Copy link

Describe the bug

Opensearch-Desktop does not operate as expected using saml authentication. It is still referring to the _opendistro endpoint instead of the _plugins endpoint.
The documentation link explains to use the /_plugins/_security/saml/acs endpoint to whitelist / configure sp metadata in the idp. This does not work at the moment. Dashboards produces a saml request using opendistro endpoints instead: https://dashboards.domain.com/_plugins/_security/saml/acs
This causes a browser error:
{ statusCode: 400, error: "Bad Request", message: "Request must contain a osd-xsrf header." }
The idp logs an error since the opendistro endpoint does not exist in it's configuration:
auth request:AssertionConsumerServiceURL="https://dashboards.domain.com/_opendistro/_security/saml/acs"

However, configuring everything the opendistro way somewhat works. It causes 401 errors when trying to refresh the cookie at times but initial authentication works.

To Reproduce
Migrate from latest opendistro to opensearch 1.0.1 (In this case using the the official docker containers).
Configure saml integration as per new plugin documentation.
Check saml assertion in browser using the "SAML message decoder" extension.
Notice that it referrers to the _opendistro endpoint and not the _plugins endpoint.

Expected behavior
SAML to use the /_plugins/_security/saml/acs endpoint instead of the /_opendistro/_security/saml/acs one as described in the documentation.

OpenSearch Version
docker 1.0.1
Dashboards Version
docker 1.0.1
Plugins
as per docker 1.0.1
Please list all plugins currently enabled.
default docker setup

Host/Environment (please complete the following information):

  • OS: docker image
  • Browser and version: Chrome 94

Additional context

We have a discussion in the forum about this and saml related issues
https://discuss.opendistrocommunity.dev/t/saml-cookie-refresh-sso-redirect-issue-worked-before-upgrade
@spicycanary91 spicycanary91 added bug Something isn't working untriaged labels Oct 5, 2021
@spicycanary91 spicycanary91 changed the title [BUG] [BUG] SAML endpoint still using _opendistro Oct 5, 2021
@spicycanary91 spicycanary91 changed the title [BUG] SAML endpoint still using _opendistro [BUG] SAML endpoint still using _opendistro instead of _plugins Oct 5, 2021
@kavilla
Copy link
Member

kavilla commented Oct 5, 2021

Hello @spicycanary91,

Although that header comes from this project this is related to security plugin.

@opensearch-project/admin could you re-route this to https://github.com/opensearch-project/security-dashboards-plugin

@spicycanary91
Copy link
Author

Thank you!

Not a problem. Moved to
opensearch-project/security-dashboards-plugin#836

AMoo-Miki pushed a commit to AMoo-Miki/OpenSearch-Dashboards that referenced this issue Feb 10, 2022
@rshen91
fix(annotation): annotation rendering with no yDomain or groupId (ope…
6bad0d7 
…nsearch-project#842)

fixes opensearch-project#438, opensearch-project#798
Co-authored-by: nickofthyme <[email protected]>
AMoo-Miki pushed a commit to AMoo-Miki/OpenSearch-Dashboards that referenced this issue Feb 10, 2022
@semantic-release-bot
chore(release): 24.0.0 [skip ci]
3b372d8 
# [24.0.0](elastic/elastic-charts@v23.2.1...v24.0.0) (2020-10-19)

### Bug Fixes

* **annotation:** annotation rendering with no yDomain or groupId ([opensearch-project#842](elastic/elastic-charts#842)) ([6bad0d7](elastic/elastic-charts@6bad0d7)), closes [opensearch-project#438](elastic/elastic-charts#438) [opensearch-project#798](elastic/elastic-charts#798)

### Features

* **bar_chart:** add Alignment offset to value labels ([opensearch-project#784](elastic/elastic-charts#784)) ([106d924](elastic/elastic-charts@106d924))
* **bar_chart:** add shadow prop for value labels ([opensearch-project#785](elastic/elastic-charts#785)) ([de95b44](elastic/elastic-charts@de95b44))
* **bar_chart:** scaled font size for value labels ([opensearch-project#789](elastic/elastic-charts#789)) ([8b74a9d](elastic/elastic-charts@8b74a9d)), closes [opensearch-project#788](elastic/elastic-charts#788)
* **heatmap:** allow fixed right margin ([opensearch-project#873](elastic/elastic-charts#873)) ([dd34574](elastic/elastic-charts@dd34574))

### BREAKING CHANGES

* **bar_chart:** The `DisplayValueStyle` `fontSize` property can now express an upper and lower bound as size, used for the automatic scaling.
* **bar_chart:** The `DisplayValueStyle` `fill` property can now express a border color and width, or let the library pick the best match based on contrast using the textInvertible parameter.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@joshuarrrr @kavilla @spicycanary91