Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Better error handling when SAML realm is not available under current license #60337

Open
ppf2 opened this issue Mar 16, 2020 · 2 comments
Open

Better error handling when SAML realm is not available under current license #60337

ppf2 opened this issue Mar 16, 2020 · 2 comments
Labels
enhancement New value added to drive a business result Feature:Security/Authentication Platform Security - Authentication good first issue low hanging fruit Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!

Comments

@ppf2
Copy link
Member

ppf2 commented Mar 16, 2020

Currently if the ES license does not allow for SAML realm, Kibana simply throws the error below when launching the base URL for Kibana:

{"statusCode":401,"error":"Unauthorized","message":"Unauthorized"}

The ES logs clearly shows the underlying issue:

[2020-03-16T23:28:12,135][INFO ][o.e.x.s.r.a.s.SamlBaseRestHandler] [node-1] The 'saml' realm is not available under the current license

It will be nice for Kibana to detect this condition and report an intuitive error message to the UI.
@ppf2 ppf2 added the Feature:Security/Authentication Platform Security - Authentication label Mar 16, 2020
@bhavyarm bhavyarm added the Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! label Mar 17, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security (Team:Security)

@bhavyarm bhavyarm added the enhancement New value added to drive a business result label Mar 17, 2020
@legrego legrego mentioned this issue Aug 10, 2020
Open
@legrego
Copy link
Member

legrego commented Feb 10, 2021

We could take advantage of the new Login Selector UI to show these options as disabled with a message indicating that they're not currently available. I know it's possible to disable the login selector, but this would be a good first step.

If the login selector is disabled, then we could show that generic "Login is disabled" screen, with a message to contact your administrator. We can report the real issue in the Kibana server logs at that point.

@legrego legrego mentioned this issue Apr 21, 2021
Closed
@exalate-issue-sync exalate-issue-sync bot added impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. loe:small Small Level of Effort labels Aug 5, 2021
@legrego legrego added the good first issue low hanging fruit label Feb 7, 2022
@legrego legrego removed EnableJiraSync loe:small Small Level of Effort impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. labels Aug 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New value added to drive a business result Feature:Security/Authentication Platform Security - Authentication good first issue low hanging fruit Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@legrego @bhavyarm @ppf2 @elasticmachine