2.2 release bug fixes

infodata · August 3, 2022, 5:59pm

Hello

github.com/opensearch-project/security-dashboards-plugin

Replace _opendistro route with _plugins

opensearch-project:main ← pc-jedi:fix-routes

opened 11:05AM - 31 Jan 22 UTC

pc-jedi

+10 -13

### Description In the documentation for [SAML](https://opensearch.org/docs/lat…est/security-plugin/configuration/saml/#opensearch-dashboards-configuration) the SSO URL and the white listed URL is already updated to `_plugins/_security` while the routes in the security plugin still are on `_opendistro/_security`. That causes a 404 response when trying to login. This PR changes the route in the plugin and aligns with the documentation. ### Category Bug fix and Documentation ### Why these changes are required? To align with the new naming schema and have it working like it is documented. ### What is the old behavior before changes and new behavior after changes? Before this PR the whitelisted URLs for SSO have to be set to `_opendistro/_security/..` also the configuration in the IdP to forward to the correct endpoint had to be `_security/saml/acs`. New behavior is that the URLs are now aligned with the documentation. ### Issues Resolved #836 ### Testing [Please provide details of testing done: unit testing, integration testing and manual testing] ### Check List - [ ] New functionality includes testing - [x] New functionality has been documented - [x] Commits are signed per the DCO using --signoff By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).

Im checking if saml bug (2.1.0) fix is included in 2.2.0 release ?

2.2.0 freeze aug 4th release aug 11th

infodata · August 4, 2022, 1:56pm

anyone tracking releases bug fixes ?

cliu123 · August 9, 2022, 4:56pm

Thanks for bringing this up! This SAML endpoint change would break existing SAML setup with the old endpoint(_opendistro), so it needs to be in 3.0.0 as a breaking change.

kris · August 9, 2022, 6:08pm

thanks for bringing this up @infodata - we’re speaking with the engineering team to answer appropriately

infodata · August 10, 2022, 4:00pm

thx for update ,
see newer 2.x release versions later as well
those who need saml they should stay on 2.0.1 and better to upgrade 3.x in 2023 ?

cwperks · August 10, 2022, 6:14pm

@infodata the linked PR in the opening post is being reverted for the 2.2 release to use the _opendistro/_security/... endpoints to maintain SAML support. The change to support _plugins/_security/... is targeted for the 3.0.0 release.

infodata · August 10, 2022, 6:25pm

hello
do you mean 2.2 release will have saml working ?
thx for reply

cwperks · August 10, 2022, 6:50pm

@infodata Yes, a regression was introduced in the 2.1 release because of a change in the route. This PR reverts the change that introduced the regression. Documentation is being updated accordingly and the route change is targeted for the 3.0.0 release.