security-dashboards-plugin icon indicating copy to clipboard operation
security-dashboards-plugin copied to clipboard

Published 20 hours ago verified publisher icon opensearch-project

[BUG] OIDC authentication not working when OIDC server not available at init time

Open sebastien-prudhomme opened this issue 2 years ago • 2 comments

What is the bug? OIDC authentication not working if OIDC server was not available when the dashboard application is launched but is available after.

How can one reproduce the bug? Steps to reproduce the behavior:

  1. Configure dashboard for OIDC authentication
  2. Stop the OIDC server
  3. Launch dashboard application

In logs:

{"type":"log","@timestamp":"2023-02-14T10:44:48Z","tags":["warning","environment"],"pid":1,"message":"Detected an unhandled Promise rejection.\nError: Failed when trying to obtain the endpoints from your IdP"}

  1. Start the OIDC server
  2. Try to connect to the dashboard with a web browser: HTTP error 401 Unauthorized

What is the expected behavior? The plugin should handle the fact that the OIDC server is not available and should retry obtaining the OIDC endpoints in phase other than the "init" phase.

sebastien-prudhomme avatar Feb 16 '23 09:02 sebastien-prudhomme

[Triage] @RyanL1997 Could you please try to replicate this issue?

cwperks avatar Feb 20 '23 20:02 cwperks

Hi @sebastien-prudhomme , thanks for filing this issue! I believe this is one of the behaviors for now.. so hopefully we should have a good IDP server before we run the dashboards with external provider/multi-auth. But, if there is any strong use cases for implementing this, we are happy to transfer this issue into a feature request. :)

RyanL1997 avatar Mar 23 '23 23:03 RyanL1997