Open dai-chen opened 2 years ago
Hello
Any update for this ?
We activate SAML on our AWS Opensearch cluster and we have the same issue.
Hello
Any update for this ?
We activate SAML on our AWS Opensearch cluster and we have the same issue.
Thanks for reporting the issue! Unfortunately, we haven't worked on this yet.
@acarbonetto Could you take a look when you have time? See if we can add this to our roadmap. Thanks!
Hello
Any updates on this issue?
We faced the same issue as well when we enabled OIDC along with basic authentication having (challenge: false
).
Is your feature request related to a problem? Currently basic auth is non-preemptive that expect an authenticate header (
WWW-Authenticate: Basic ...
) from the server. There is problem when server responds something else, for example, an OpenSearch cluster with SAML enabled returnsWWW-Authenticate: X-Security-IdP
instead. This fails the basic auth request with a 401 HTTP error.What solution would you like? One solution is switch to preemptive auth and enforce it all the time. The impact of this needs to be evaluated carefully.
What alternatives have you considered? Alternatively, provide a configuration for user to choose which auth mode to use. This may be safer and more flexible option compared with enforcing preemptive auth.
Do you have any additional context?