OIDC _security/oidc/prepare and _security/oidc/authenticate APIs should return realm name used for authentication #53161

Closed
azasypkin opened this issue Mar 5, 2020 · 1 comment · Fixed by #64966
Labels
>enhancement :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) Team:Security Meta label for security team v7.11.0 v8.0.0-alpha1

Comments

@azasypkin
Member

azasypkin commented Mar 5, 2020

Currently, the responses of _security/oidc/prepare and _security/oidc/authenticate don't include the realm name. That means that if a consumer doesn't provide the optional realm parameter, they don't know what realm was used to perform authentication.

It's not critical, but it'd help Kibana to properly support IdP initiated logins when multiple OIDC realms are enabled.

Related to: #52053

/cc @jkakavas

@azasypkin azasypkin added >enhancement :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) labels Mar 5, 2020
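
How a consumer could use the realm name once both responses return it, for the IdP-initiated case described in the issue where only the issuer is known. This is an added example, not code from Elasticsearch or Kibana: `fakeEs`, the realm names, the URLs and the response field name `realm` are assumptions, and all values are constructed.

```javascript
// Constructed stand-in for the two API calls (not a real Elasticsearch client).
// Assumption: both responses carry the realm name in a field called `realm`.
const REALMS = { oidc1: 'https://idp-a.example', oidc2: 'https://idp-b.example' };
let counter = 0;
const fakeEs = {
  prepare({ realm, iss }) {
    // With IdP-initiated login the caller only knows the issuer, not the realm.
    const name = realm || Object.keys(REALMS).find((r) => REALMS[r] === iss);
    if (!name) throw new Error('no OIDC realm matches the request');
    const state = `state-${++counter}`;
    const nonce = `nonce-${counter}`;
    const redirect = `${REALMS[name]}/authorize?state=${state}&nonce=${nonce}`;
    return { redirect, state, nonce, realm: name };
  },
  authenticate({ realm }) {
    return { access_token: 'constructed-token', type: 'Bearer', realm };
  },
};

// Consumer side: pin the realm that prepare reported to the pending login.
const pending = new Map(); // state -> { nonce, realm }

function startLogin(es, params) {
  const res = es.prepare(params);
  if (!res.realm) throw new Error('prepare response did not name the realm');
  pending.set(res.state, { nonce: res.nonce, realm: res.realm });
  return res.redirect;
}

function finishLogin(es, callbackUrl) {
  const state = new URL(callbackUrl).searchParams.get('state');
  const ctx = pending.get(state);
  if (!ctx) throw new Error('unknown or already used state');
  pending.delete(state); // a state value is accepted once only
  const res = es.authenticate({
    redirect_uri: callbackUrl, state, nonce: ctx.nonce, realm: ctx.realm,
  });
  // Refuse a session whose realm differs from the one the login started in.
  if (res.realm !== ctx.realm) throw new Error('realm mismatch');
  return { token: res.access_token, realm: res.realm };
}
```
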
@elasticmachine
Collaborator

Pinging @elastic/es-security (:Security/Authentication)

@rjernst rjernst added the Team:Security Meta label for security team label May 4, 2020
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Nov 11, 2020
…on to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves elastic#53161
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Nov 12, 2020
…on to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves elastic#53161
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Nov 15, 2020
…on to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves elastic#53161
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Nov 16, 2020
…on to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves elastic#53161
BigPandaToo added a commit that referenced this issue Nov 16, 2020
…henticate` APIs responses (#64966)

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves #53161

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves #53161

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves #53161

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves #53161

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Nov 16, 2020
…on to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves elastic#53161
BigPandaToo added a commit that referenced this issue Nov 17, 2020
…adata/{realm} (#65065)

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves #53161

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

* [DOCS] Adds API to navigation tree

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

Co-authored-by: lcawl <lcawley@elastic.co>
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Nov 17, 2020
…aml/metadata/{realm} (elastic#65065)

* Adding doc for the new API introduced by elastic#64517 - /_security/saml/metadata/{realm}

Related to elastic#49018

* Adding doc for the new API introduced by elastic#64517 - /_security/saml/metadata/{realm}

Related to elastic#49018

* Adding doc for the new API introduced by elastic#64517 - /_security/saml/metadata/{realm}

Related to elastic#49018

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves elastic#53161

* Adding doc for the new API introduced by elastic#64517 - /_security/saml/metadata/{realm}

Related to elastic#49018

* [DOCS] Adds API to navigation tree

* Adding doc for the new API introduced by elastic#64517 - /_security/saml/metadata/{realm}

Related to elastic#49018

* Adding doc for the new API introduced by elastic#64517 - /_security/saml/metadata/{realm}

Related to elastic#49018

Co-authored-by: lcawl <lcawley@elastic.co>
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Nov 17, 2020
…on to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves elastic#53161

Co-authored-by: lcawl lcawley@elastic.co
elastic#65065
#backport
BigPandaToo added a commit that referenced this issue Nov 17, 2020
…adata/{realm} (#65065) (#65158)

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm} (#65065)

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves #53161

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

* [DOCS] Adds API to navigation tree

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

Co-authored-by: lcawl <lcawley@elastic.co>

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs
Resolves #53161

Co-authored-by: lcawl lcawley@elastic.co
#65065
#backport

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs
Resolves #53161

Co-authored-by: lcawl lcawley@elastic.co
#65065
#backport

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs
Resolves #53161

Co-authored-by: lcawl lcawley@elastic.co
#65065
#backport

Co-authored-by: lcawl <lcawley@elastic.co>
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Nov 17, 2020
…henticate` APIs responses (elastic#64966)

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves elastic#53161

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves elastic#53161

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves elastic#53161

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves elastic#53161

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
BigPandaToo added a commit that referenced this issue Nov 18, 2020
…henticate` APIs responses (#64966) (#65164)

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves #53161

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves #53161

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves #53161

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves #53161

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
BigPandaToo added a commit that referenced this issue Dec 4, 2020
* This change adds a warning header when a license is about to expire

Resolves #60562

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves #53161

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

* Adding a warning header when a license is about to expire

Resolves #60562

* Addressing the PR feedback

* Switching back to adding the header during featureCheck to allow
warnings when authentication is disabled as well. Adding filterHeader
implementation to SecurityRestFilter exception handling to remove all
the warnings if authentication fails.

* Changing the wording for "expired" message to be consistent with the log
 messages; changing "today" calculation; adding a test case for failing
 authN to make sure we remove the warning header

* Small changes in the way we verify header in tests

* Nit changes

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Dec 4, 2020
)

* This change adds a warning header when a license is about to expire

Resolves elastic#60562

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves elastic#53161

* Adding doc for the new API introduced by elastic#64517 - /_security/saml/metadata/{realm}

Related to elastic#49018

* Adding a warning header when a license is about to expire

Resolves elastic#60562

* Addressing the PR feedback

* Switching back to adding the header during featureCheck to allow
warnings when authentication is disabled as well. Adding filterHeader
implementation to SecurityRestFilter exception handling to remove all
the warnings if authentication fails.

* Changing the wording for "expired" message to be consistent with the log
 messages; changing "today" calculation; adding a test case for failing
 authN to make sure we remove the warning header

* Small changes in the way we verify header in tests

* Nit changes

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
BigPandaToo added a commit that referenced this issue Dec 5, 2020
)

* Adding a warning header when a license is about to expire (#64948)

* This change adds a warning header when a license is about to expire

Resolves #60562

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves #53161

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

* Adding a warning header when a license is about to expire

Resolves #60562

* Addressing the PR feedback

* Switching back to adding the header during featureCheck to allow
warnings when authentication is disabled as well. Adding filterHeader
implementation to SecurityRestFilter exception handling to remove all
the warnings if authentication fails.

* Changing the wording for "expired" message to be consistent with the log
 messages; changing "today" calculation; adding a test case for failing
 authN to make sure we remove the warning header

* Small changes in the way we verify header in tests

* Nit changes

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

* Resolving backporting issue: adding copyMapWithRemovedEntry() util function
Fixing unused imports

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>