Log request ID in SAML provider (#211877)

## Summary

This PR adds logging of request ID in SAML provider. Having the request
ID assists in troubleshooting by providing a means to correlate
authentication attempts across Kibana and ES logs.

The full request ID is logged because it is not considered sensitive
information - it is a temporary identifier that is only relevant for a
single authentication attempt.
Jeramy Soucy 2025-02-24 12:00:06 +01:00 committed by GitHub
parent 01a850793d
commit 317580fdd5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -349,7 +349,7 @@ export class SAMLAuthenticationProvider extends BaseAuthenticationProvider {
const isIdPInitiatedLogin = !stateRequestId;
this.logger.debug(
!isIdPInitiatedLogin
? 'Login has been previously initiated by Kibana.'
? `Login has been previously initiated by Kibana, request id ${stateRequestId}.`
: 'Login has been initiated by Identity Provider.'
);
@ -376,7 +376,11 @@ export class SAMLAuthenticationProvider extends BaseAuthenticationProvider {
},
})) as any;
} catch (err) {
this.logger.error(`Failed to log in with SAML response: ${getDetailedErrorMessage(err)}`);
this.logger.error(
`Failed to log in with SAML response, ${
!isIdPInitiatedLogin ? `request id: ${stateRequestId}, ` : ''
}error: ${getDetailedErrorMessage(err)}`
);
// Since we don't know upfront what realm is targeted by the Identity Provider initiated login
// there is a chance that it failed because of realm mismatch and hence we should return
@ -587,7 +591,9 @@ export class SAMLAuthenticationProvider extends BaseAuthenticationProvider {
body: preparePayload,
})) as any;
this.logger.debug('Redirecting to Identity Provider with SAML request.');
this.logger.debug(
`Redirecting to Identity Provider with SAML request, request id: ${requestId}`
);
// Store request id in the state so that we can reuse it once we receive `SAMLResponse`.
return AuthenticationResult.redirectTo(redirect, {
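Review bot: The three new messages spell the correlation key differently, which works against the stated goal of matching authentication attempts across Kibana and ES logs by searching. The debug line in the first hunk writes `request id ${stateRequestId}.` with no colon and a trailing period, while the error line and the redirect line write `request id: …`. Using one form everywhere, e.g. `Login has been previously initiated by Kibana, request id: ${stateRequestId}`, lets a single search pattern find all three. The nested template literal in the error message would also read better with the optional part in a local first, e.g. `const requestIdInfo = isIdPInitiatedLogin ? '' : `request id: ${stateRequestId}, `;`. Both values are interpolated verbatim and the surrounding calls are cast `as any`, so it is presumably worth confirming in the enclosing methods (which start and end outside these hunks) that the ID is always a plain string, so a missing value does not log as `undefined` and the log line cannot be broken by unexpected characters.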