github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 17:28:26 -04:00
Code Issues Projects Releases Packages Wiki Activity

[8.16] Log request ID in SAML provider (#211877) (#212217)

Browse source 
# Backport

This will backport the following commits from `main` to `8.16`:
- [Log request ID in SAML provider
(#211877)](https://github.com/elastic/kibana/pull/211877)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Jeramy
Soucy","email":"jeramy.soucy@elastic.co"},"sourceCommit":{"committedDate":"2025-02-24T11:00:06Z","message":"Log
request ID in SAML provider (#211877)\n\n## Summary\n\nThis PR adds
logging of request ID in SAML provider. Having the request\nID assists
in troubleshooting by providing a means to correlate\nauthentication
attempts across Kibana and ES logs.\n\nThe full request ID is logged
because it is not considered sensitive\ninformation - it is a temporary
identifier that is only relevant for a\nsingle authentication
attempt.","sha":"317580fdd56572323195b3fec7bfab226b46fdf6","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Security","release_note:skip","backport:prev-major","v9.1.0"],"title":"Log
request ID in SAML
provider","number":211877,"url":"https://github.com/elastic/kibana/pull/211877","mergeCommit":{"message":"Log
request ID in SAML provider (#211877)\n\n## Summary\n\nThis PR adds
logging of request ID in SAML provider. Having the request\nID assists
in troubleshooting by providing a means to correlate\nauthentication
attempts across Kibana and ES logs.\n\nThe full request ID is logged
because it is not considered sensitive\ninformation - it is a temporary
identifier that is only relevant for a\nsingle authentication
attempt.","sha":"317580fdd56572323195b3fec7bfab226b46fdf6"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/211877","number":211877,"mergeCommit":{"message":"Log
request ID in SAML provider (#211877)\n\n## Summary\n\nThis PR adds
logging of request ID in SAML provider. Having the request\nID assists
in troubleshooting by providing a means to correlate\nauthentication
attempts across Kibana and ES logs.\n\nThe full request ID is logged
because it is not considered sensitive\ninformation - it is a temporary
identifier that is only relevant for a\nsingle authentication
attempt.","sha":"317580fdd56572323195b3fec7bfab226b46fdf6"}}]}]
BACKPORT-->

Co-authored-by: Jeramy Soucy <jeramy.soucy@elastic.co>
This commit is contained in:
Kibana Machine 2025-02-24 23:57:51 +11:00 committed by GitHub
parent 8c7abdb8ee
commit 16ef475e8a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 9 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

12
x-pack/plugins/security/server/authentication/providers/saml.ts
View file

@ -349,7 +349,7 @@ export class SAMLAuthenticationProvider extends BaseAuthenticationProvider {
const isIdPInitiatedLogin = !stateRequestId;
this.logger.debug(
!isIdPInitiatedLogin
? 'Login has been previously initiated by Kibana.'
? `Login has been previously initiated by Kibana, request id ${stateRequestId}.`
: 'Login has been initiated by Identity Provider.'
);
@ -376,7 +376,11 @@ export class SAMLAuthenticationProvider extends BaseAuthenticationProvider {
},
})) as any;
} catch (err) {
this.logger.error(`Failed to log in with SAML response: ${getDetailedErrorMessage(err)}`);
this.logger.error(
`Failed to log in with SAML response, ${
!isIdPInitiatedLogin ? `request id: ${stateRequestId}, ` : ''
}error: ${getDetailedErrorMessage(err)}`
);
// Since we don't know upfront what realm is targeted by the Identity Provider initiated login
// there is a chance that it failed because of realm mismatch and hence we should return
@ -587,7 +591,9 @@ export class SAMLAuthenticationProvider extends BaseAuthenticationProvider {
body: preparePayload,
})) as any;
this.logger.debug('Redirecting to Identity Provider with SAML request.');
this.logger.debug(
`Redirecting to Identity Provider with SAML request, request id: ${requestId}`
);
// Store request id in the state so that we can reuse it once we receive `SAMLResponse`.
return AuthenticationResult.redirectTo(redirect, {