search

opensearch-project / security

🔐 Secure your cluster with TLS, numerous authentication backends, data masking, audit logging as well as role-based access control on indices, documents, and fields
https://opensearch.org/docs/latest/security-plugin/index/
Apache License 2.0
188 stars 272 forks source link

Security plugin to support 2 urls for redirection in SAML auth #3811

Closed madhankb closed 9 months ago

madhankb commented 9 months ago

Is your feature request related to a problem? Please describe. When customer is trying to connect a standalone OpenSearch dashboards to a managed service domain, at the moment either managed service OpenSearch dashboards will be up and running or standalone OpenSearch dashboards will be up and running. It is because the security plugin of managed service can have only one URL at the moment.

Describe the solution you'd like If we have the option to configure both the endpoints into security plugin, then customer can switch between managed service OpenSearch dashboards and standalone OpenSearch dashboards

stephen-crawford commented 9 months ago

[Triage] Hi @madhankb, thank you for filing this issue. This sounds like a managed service request; I would recommend filing a request with your contact there.

If you are instead requesting that the opensource project implements this feature please follow up and we can take a closer look at your request.

peternied commented 9 months ago

[Triage] I'm not sure I understand the scenario, when the saml redirects back there can be only one valid place to redirect traffic back to AFAIK. Could you help us understand if this is a supported scenario within the SAML spec and reopen?

madhankb commented 6 months ago

@peternied We are setting up self-managed opensearch dashboards during B/G and connect it with managed service cluster. Now dues to the restriction in configuring only one url, the self-managed dashboards url has to be configured and the managed service dashboards will be unavailable but if we can configure both the endpoints or figure out a way that both the managed service and self-managed dashboards endpoints work at the same time.

peternied commented 6 months ago

@madhankb you have mentioned unmanaged and managed OpenSearch from a cloud service provider. While this codebase flows into many manage services, each service is customized in different ways. Your cloud service providers support channel would be best able to help you with your specific scenario.

If you are using AWS try this link https://aws.amazon.com/contact-us/