[Security] Use refresh token for any access token error with 401 status code and re-initiate SAML handshake for any refresh token error with 400 status code #33646
Labels
enhancement
New value added to drive a business result
Feature:Security/Authentication
Platform Security - Authentication
Team:Security
Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Comments
azasypkin
added
Team:Security
|
Pinging @elastic/kibana-security |
azasypkin
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently Kibana tries to use refresh token only if it gets access token error with
token expireddescription and also automatically re-initiates SAML handshake only if refreshing fails with one of these errors, otherwise we just return error to the user:Based on conversations in elastic/elasticsearch#39808 (comment) and #22905 (comment) it seems it'd make sense to NOT analyze specific reason (
error_descriptionorreasonfields of the error) and try to use refresh token for any access token error with 401 status code and re-initiate SAML handshake for any refresh token error with 400 status code.Depends on elastic/elasticsearch#38866(we added a special handling of 500 error with a specific error message that we'll get rid of once ES issue is resolved)Fixes #22905
The text was updated successfully, but these errors were encountered: