Comments (12)
The Opendistro docs for this plugin are sparse to say the least, but there are existing options for timeouts already.
In kibana.yml
:
opendistro_security.cookie.ttl
| Integer, lifetime of the cookie in milliseconds. Can be set to 0 for session cookie. Default: 1 hour
opendistro_security.session.ttl
| Integer, lifetime of the session in milliseconds. If set, the user is prompted to log in again after the configured time, regardless of the cookie. Default: 1 hour
opendistro_security.session.keepalive
| boolean, if set to true the session lifetime is extended by opendistro_security.session.ttl
upon each request. Default: true
from security-dashboards-plugin.
Please give me an advise how to solve this bug quickly???
from security-dashboards-plugin.
The issue is still present =(
from security-dashboards-plugin.
Upvote... can we get some attention on this? We use OpenID Connect and the ODFE Security Plugin does not handle the session extension/timeout properly at all
from security-dashboards-plugin.
It's opensearch_security
. as defined by the configPath
https://github.com/opensearch-project/security-dashboards-plugin/blob/main/opensearch_dashboards.json
Options are defined here: https://github.com/opensearch-project/security-dashboards-plugin/blob/main/server/index.ts
opensearch_security.cookie.ttl
opensearch_security.session.ttl
opensearch_security.session.keepalive
from security-dashboards-plugin.
Hello, I have the same issue with the expiring session time in Kibana. However, I have set options to keep session for 24 hours in kibana.yml
opendistro_security.cookie.ttl: 86400000
opendistro_security.session.ttl: 86400000
opendistro_security.session.keepalive: true
Could you please help with this issue?
from security-dashboards-plugin.
I experience the same issue, I have set the ttls for 7 days. I am using SAML authentication and the IDP session is 14 days. However, Kibana continues to logout users after 1 hour
from security-dashboards-plugin.
Is opendistro still active? If not, please update you main README.md to mark it as abandoned.
from security-dashboards-plugin.
We use OpenID and we are seeing this as well. We've set the TTL on our IDP to 5 minutes. A tcpdump shows traffic to the IDP 5 minutes after being logged in, but the user can no longer access to anything. This is really disturbing from a user experience. Your are still logged in, no warning about your session being expired, but you don't have access to anything.
So I guess there are two issues here :
- Security Plugin does not handle the session extension/timeout properly
- The user is not logged out when session expires (or no warning/messages)
from security-dashboards-plugin.
same here . still logout over 1h
from security-dashboards-plugin.
I don't see any documentation or source code supporting these options. Feel free to correct me if I'm wrong.
opendistro_security.cookie.ttl
opendistro_security.session.ttl
opendistro_security.session.keepalive
from security-dashboards-plugin.
@AlexShuraits I had issues with SAML as well. My IDP's timeout is not being honored by OpenSearch and I had to manually set it.
More details here: #159 (comment)
from security-dashboards-plugin.
Related Issues (20)
- [MDS] Consolidate cypress tests HOT 1
- opensearch_security.multitenancy.tenants.preferred does not take effect HOT 1
- [BUG] CodeCov is hanging for linux HOT 1
- [BUG] MDS disabled API calls don't work
- [BUG] Anonymous Login nextUrl parameter gets dropped HOT 1
- [BUG] OIDC cypress tests failing due to upstream change HOT 1
- [BUG] Auth, Roles, Permissions, Users Tabs break when no datasource passed in via URL HOT 1
- [BUG] Tenant Tab behavior when Local Cluster is disabled HOT 5
- [BUG] [MDS] No available datasources or illegal datasource crashes the plugin HOT 5
- [FEATURE] Create a E2E cypress test for OIDC refresh token workflow HOT 1
- [RFC] Run or transfer full FTR tests to security dashboards plugin repo HOT 1
- [RELEASE] Release version 2.15.0 HOT 1
- [FEATURE] Re-enter password text-box should highlight whether passwords match. HOT 3
- [FEATURE] Add a view button for password input text-box HOT 3
- [BUG] Tenant selection drop-down should be disabled when custom tenant is disabled HOT 1
- Redirect back to the originally-requested url after authentication with SSO - OIDC HOT 4
- Cannot Start Opensearch Dashboard HOT 7
- [BUG] Global tenant requires '.kibana*' and '.opensearch_dashboards*' read index permission HOT 4
- [FEATURE] Automatically login as anonymous HOT 5
- [FEATURE] [RFC] Feature flag/Split security dashboards plugin into two plugins HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from security-dashboards-plugin.