Open pheex opened 11 months ago
[Triage] Hi @pheex, thank you for filing this issue. @jochen-kressin, could you please follow up on this since you made the original change to split cookies?
Thank you
I can take care of this one
Hi @pheex!
Could you maybe tell me a bit more about your setup so that I know I'm testing this correctly?
For example, how is the token "delivered" to the JWT authentication in Dashboards?
You do mention opensearch_security.jwt.url_param: "token", so is my assumption correct that you are using the url query parameter?
Also, in your opensearch_dashboards.yml - do you have opensearch_security.jwt.enabled: true?
Thanks!
Hi @scrawfor99,
Working on this now. So do I understand you correctly that we would like to have the exact same behaviour as for OIDC and SAML?
Also, two other questions came up:
schema.maybe
here: https://github.com/opensearch-project/security-dashboards-plugin/blob/main/server/index.ts#L225.
Do you know if this is intentional?
I remember we had this for openid as well, but there the user would always have to configure the well-known url, so it wasn't really an issue.
Thanks!
Hi @jochen-kressin
Yes, to test, simply pass the JWT token to the dashboard using a query string parameter named "token".
What is the bug? When using the JWT auth type, the security cookie is too large if the JWT token is big, and the browser refuses to store it (more than 4kb). It looks like https://github.com/opensearch-project/security-dashboards-plugin/pull/1352 is not applied to the JWT auth type.
How can one reproduce the bug? Use this configuration. security-config: I use the openid config only to get the JWKS keyring
opensearch_dashboard.yml
What is the expected behavior? The cookie should be split
What is your host/environment? opensearch 2.11.0, opensearch dashboard 2.11.0
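
The cookie splitting requested in this issue, as an added example that is not code from security-dashboards-plugin or from anyone in this thread. The cookie prefix, the 3000-character chunk budget, the jar shape and the idea that the chunk count is kept in the main session cookie are all assumptions made for illustration.

```typescript
// Added illustration, not code from security-dashboards-plugin.
// Cookie names, the chunk budget and the jar shape are assumptions.
interface CookieChunk { name: string; value: string; }
interface ChunkJar { [name: string]: string; }

// Assumed per-chunk budget: leaves headroom under the ~4 KB per-cookie
// limit for the cookie name and attributes (Path, Secure, HttpOnly, ...).
const MAX_CHUNK = 3000;

// Constructed stand-in for a 7000-character JWT (base64url, so ASCII:
// one character is one byte).
const sampleToken: string = new Array(7001).join('x');

// Split `value` into numbered cookies. `previousCount` is how many chunks
// the last response set; surplus chunks come back with an empty value so
// the caller expires them and a shorter token never inherits a stale tail.
function splitIntoCookies(prefix: string, value: string,
                          previousCount: number, max: number = MAX_CHUNK): CookieChunk[] {
  const out: CookieChunk[] = [];
  for (let i = 0; i * max < value.length; i++) {
    out.push({ name: prefix + (i + 1), value: value.slice(i * max, (i + 1) * max) });
  }
  const used = out.length;
  for (let i = used; i < previousCount; i++) {
    out.push({ name: prefix + (i + 1), value: '' });
  }
  return out;
}

// Reassemble `expectedCount` chunks (count assumed to be kept in the main
// session cookie). Returns null if any chunk is missing or empty, so the
// caller rejects the session rather than validating a truncated token.
function joinCookies(prefix: string, expectedCount: number, jar: ChunkJar): string | null {
  let value = '';
  for (let i = 1; i <= expectedCount; i++) {
    const part = jar[prefix + i];
    if (part === undefined || part === '') { return null; }
    value += part;
  }
  return value;
}
```

With the constructed 7000-character token this yields three cookies of 3000, 3000 and 1000 characters, each small enough for the browser to store.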