[BUG] OpenID redirects to "/" after upgrading opensearch to 2.12.0 #1897

Closed
RobinAdvens opened this issue Apr 15, 2024 · 6 comments
Labels
bug Something isn't working triaged v2.15.0

Comments

@RobinAdvens

Describe the bug
Since I upgraded from 2.11.1 to 2.12.0, I encounter a bug in redirection with OpenID (Keycloak) at the end of the authentication process.

From https://myUrl.com/clusterName/app/login I click on log in with single sign-on, which redirects to https://myUrl.com/clusterName/auth/openid/captureUrlFragment?nextUrl=%2F then at the end of the authentication I'm redirected to https://myUrl.com/ instead of https://myUrl.com/clusterName/

I don't have an issue if I try to connect from another path; for example, if I try to connect to https://myUrl.com/clusterName/app/home, I'll be redirected to https://myUrl.com/clusterName/app/login?nextUrl=%2FclusterName%2Fapp%2Fhome and then my URL for the IdP is https://myUrl.com/clusterName/auth/openid/captureUrlFragment?nextUrl=%2FclusterName%2Fapp%2Fhome

When I was on 2.11.1, OpenSearch was giving me the https://myUrl.com/clusterName/auth/openid/login URL for Keycloak and everything was working perfectly.

I'm using OpenSearch with the OpenSearch operator on Kubernetes.

OpenSearch Version
OpenSearch and OpenSearch-dashboard are both in 2.12.0 and 2.13.0
opensearch-operator is in 2.4.0

Additional context
Part of my dashboards config:

```yaml
opensearch_security.auth.multiple_auth_enabled: true
opensearch_security.auth.type: ["basicauth","openid"]
opensearch_security.cookie.secure: true
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.enable_global: true
opensearch_security.multitenancy.tenants.enable_private: true
opensearch_security.openid.base_redirect_url: https://myUrl.com/clusterName/
opensearch_security.openid.client_id: ops-clusterName
opensearch_security.openid.connect_url: https://idp.myUrl.com/realms/broker/.well-known/openid-configuration
opensearch_security.openid.header: Authorization
opensearch_security.openid.refresh_tokens: true
opensearch_security.openid.scope: openid profile email
opensearch_security.session.keepalive: true
server.basePath: /clusterName
server.name: clusterName-dashboards
server.rewriteBasePath: true
```

@RobinAdvens RobinAdvens added bug Something isn't working untriaged labels Apr 15, 2024
@uranru

uranru commented Apr 16, 2024

I have a similar problem with version 2.13

@ananzh
Member

ananzh commented Apr 16, 2024

The redirection error suggests that the application might be ignoring or incorrectly processing the basePath or base_redirect_url after authentication. I don't think we update anything for basePath. For opensearch_security.openid.base_redirect_url, this is to ensure that after authentication, the user is redirected back to the right base URL, which includes the cluster name.
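
Added example, not part of the thread and not the change made in #1899 (whose contents are not shown on this page): one way a post-login handler can resolve `nextUrl` against `server.basePath`, so that the reported `nextUrl=%2F` lands on `/clusterName/` instead of the site root. It goes beyond the reported case by also refusing `nextUrl` values that are not server-relative paths; the function name, constants and `other.example` inputs are hypothetical.

```javascript
// Added example. Function and constant names are hypothetical, not plugin APIs.
const BASE_PATH = '/clusterName'; // server.basePath from the report
const PARSE_ORIGIN = 'http://placeholder.invalid'; // used only to parse paths

// Returns the server-relative path to send the browser to after login.
function resolvePostLoginRedirect(nextUrl, basePath = BASE_PATH) {
  const fallback = `${basePath}/`;
  // Accept only server-relative paths: one leading "/", no backslashes or
  // control characters (browsers may treat "/\host" like "//host").
  if (typeof nextUrl !== 'string' ||
      !nextUrl.startsWith('/') || nextUrl.startsWith('//') ||
      /[\\\u0000-\u001f]/.test(nextUrl)) {
    return fallback;
  }
  // Parsing normalizes dot segments such as "/clusterName/../x".
  const target = new URL(nextUrl, PARSE_ORIGIN);
  const underBase = target.pathname === basePath ||
                    target.pathname.startsWith(`${basePath}/`);
  // Prefix the base path only when the target is not already under it.
  const path = underBase ? target.pathname : basePath + target.pathname;
  return path + target.search + target.hash;
}

// Constructed sample inputs: the two nextUrl values from the report, then
// values a redirect handler should refuse to follow.
const samples = [
  '/',
  '/clusterName/app/home',
  '/app/home?tab=1#/view',
  '/clusterName/../other',
  '//other.example/',
  'https://other.example/',
  '/\\other.example/',
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', resolvePostLoginRedirect(s));
}
```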

@ananzh
Member

ananzh commented Apr 16, 2024

@opensearch-project/admin could you help us to redirect it to the security team?

@ananzh ananzh removed the untriaged label Apr 16, 2024
@bbarani bbarani transferred this issue from opensearch-project/OpenSearch-Dashboards Apr 17, 2024
@cwperks cwperks transferred this issue from opensearch-project/security Apr 18, 2024
@cwperks
Member

cwperks commented Apr 18, 2024

Looks like a regression introduced by #1563

Taking a look. Also related: #1823

@stephen-crawford
Collaborator

[Triage] Hi @RobinAdvens thank you for filing this issue. Looks like #1899 will resolve this issue. We can close this when that PR is merged.

@derek-ho
Collaborator

#1899 was merged
