Closed bizybot closed 5 years ago
Pinging @elastic/es-security
@jkakavas do you think #39948 might have caused this intermittent failure?
Yes probably, I'll look into it
The error means that the browser got a 200
when submitting the form instead of a 302
to the consent page.
This can happen in a few cases :
200
would contain Javascript to make the browser POST
the SAMLResponse
back to the mock - SP. )Not sure what happened here and this doesn't reproduce locally so I'll push a commit to print the HttpEntity that is returned with that 200 to get more insights
I added a log entry in https://github.com/elastic/elasticsearch/commit/18d6499432b0975a5163149476ee5202625c1da3, next time this happens we can see what the issue is and resolve it
This failed in a PR : https://elasticsearch-ci.elastic.co/job/elastic+elasticsearch+pull-request-2/10043/console and it looks like the reason is
The SAML Response would contain no attributes so consent is not required
The reason is that the following two values are supposed to be set in milliseconds (not seconds :/ ) and the attribute resolving phase was timing out while the authentication was successful.
idp.attribute.resolver.LDAP.connectTimeout = 5
idp.attribute.resolver.LDAP.responseTimeout = 5
SamlAuthenticatorIT. testLoginUserWithAuthorizingRealm failed on https://elasticsearch-ci.elastic.co/job/elastic+elasticsearch+master+multijob-unix-compatibility/os=ubuntu-16.04&&immutable/297/console
https://elasticsearch-ci.elastic.co/job/elastic+elasticsearch+7.x+multijob-unix-compatibility/os=ubuntu-14.04&&immutable/71/console
Locally could not reproduce on 7.x or master with following command: For master:
For 7.x:
@jkakavas do you think https://github.com/elastic/elasticsearch/pull/39948 might have caused this intermittent failure?