wazuh / wazuh-dashboard-plugins

Plugins for Wazuh Dashboard
https://wazuh.com/
GNU General Public License v2.0

Wazuh Dashboard gets stuck in a loop after being idle #3929

Open MiguelCasaresRobles opened 2 years ago

MiguelCasaresRobles commented 2 years ago
Wazuh indexer Rev Security
4.3.0 4301-1 Indexer
Browser
Chrome, Firefox, Safari, etc

Description

Wazuh Dashboard gets stuck in a loop after being idle and getting back to it. Attached gif for reference:

It is not loading anything and it enters a loop between the health-check and the settings call.

Either we are not properly handling the token expiration of the Wazuh API or the expiration logout time.

Preconditions

Open Wazuh Dashboard, be idle for a while, then get back to the panel and try to click somewhere.

Steps to reproduce

Click anywhere.

Desvelao commented 2 years ago

Research

The problem could be related to the user session having expired: when the user does some action that causes a request to the Kibana server, the response has status 401. This triggers the redirections.

For Wazuh dashboard or Kibana with Open Distro for Elasticsearch, the default session expiration time is 1h.

Replication

  0. Prerequisites:

    0.1. Kibana with Open Distro for Elasticsearch and security enabled. Add the following settings to the kibana.yml configuration file:

        opendistro_security.cookie.ttl: 60000
        opendistro_security.session.ttl: 60000

    This configuration sets the session expiration time to 60s.

    0.2. Restart the Kibana service to apply the changes.

  1. Log in to Kibana and go to the Wazuh plugin, to the Modules/Modules directory.
  2. Don't interact with the plugin. Wait for at least 60s, which is when the session expires. To be sure, add some seconds. Use a timer to control the time.
  3. Open the main menu of the Wazuh plugin and watch the browser URL bar; it should change constantly, creating a loop. A redirection to the login page could happen eventually. The first request has status 401 due to the session having expired.

Note: If you take too long to interact with the plugin after waiting the required time, the page could redirect without interaction. It seems this could be caused by a request whose response has status 401, with some mechanism redirecting to the login page.

This was replicated with: