Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
2.12.0
Describe the issue:
Is this Azure IdP SAML expiration issue resolved in the new OS? I'm using version 2.12.0 with Azure IdP SAML; the SSO session expires after some time and requires logging in again. These are my dashboard.yml settings:
```
opensearch_security.cookie.ttl: 604800000
opensearch_security.session.ttl: 604800000
opensearch_security.session.keepalive: true
```
and in the security config.yml file, for saml_auth_domain, in the sp section I set:
```
sp:
  forceAuthn: false
```
What should I do to extend the session expiration to avoid re-login?
Besides that, can anyone help me decipher the security_authentication_saml1 and security_authentication tokens? (By the way, I do not want to use the log to see inside the token; I already did that.) As far as I know, OS replaces the SAML response with a lightweight JWT and encrypts it with the exchange_key, but I could not decipher it with the following Python script:
```python
import base64
import hashlib
import hmac
import json


def base64_url_decode(data):
    # Restore the padding that base64url encoding strips (0-3 '=' characters)
    data += '=' * (-len(data) % 4)
    return base64.urlsafe_b64decode(data)


def decode_jwt(token, key):
    """Verify an HS256 JWT signature and return its payload, or None on error."""
    try:
        # A JWT has exactly three dot-separated parts: header.payload.signature
        header_b64, payload_b64, signature_b64 = token.split('.')
        header = json.loads(base64_url_decode(header_b64).decode('utf-8'))
        payload = json.loads(base64_url_decode(payload_b64).decode('utf-8'))
        # The signature covers the encoded header and payload
        message = f"{header_b64}.{payload_b64}".encode('utf-8')
        expected_signature = base64_url_decode(signature_b64)
        computed_signature = hmac.new(key.encode('utf-8'), message, hashlib.sha256).digest()
        if not hmac.compare_digest(expected_signature, computed_signature):
            raise ValueError("Invalid token signature")
        return payload
    except Exception as e:
        print("Error decoding the token:", str(e))
        return None


exchange_key = "...=="
token = "Fe26.2**c8ab634f300f834bc5db597554f904ca2117fdbff85afa1bff2bac1290ab779e*pL-KTe0QtxtJGjN5FSLbMw*X2s..."
decrypted_message = decode_jwt(token, exchange_key)
if decrypted_message:
    print("Decrypted message:", json.dumps(decrypted_message, indent=2))
else:
    print("Failed to decode the token.")
```
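The cookie value quoted in the post starts with `Fe26.2`, the prefix of the iron sealed-object format (eight `*`-separated fields) rather than a three-part JWT, so a split on `.` cannot succeed. The following is an added example, not code from the original post or from the OpenSearch project: it parses that layout and checks the integrity MAC with the standard library, assuming iron's default parameters and that the sealing password is the Dashboards cookie password (`opensearch_security.cookie.password`); the sample value and password are constructed, and decrypting the ciphertext field is not shown.

```python
import base64
import hashlib
import hmac

MAC_PREFIX = "Fe26.2"  # format marker seen at the start of the cookie value
FIELDS = ("prefix", "password_id", "enc_salt", "enc_iv",
          "ciphertext", "expiration", "mac_salt", "mac")

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def iron_mac(password: str, mac_salt: str, base: str) -> str:
    # Assumed iron defaults: PBKDF2-HMAC-SHA1, 1 iteration, 32-byte key;
    # the salt is the hex text itself, and the MAC is HMAC-SHA256.
    key = hashlib.pbkdf2_hmac("sha1", password.encode(), mac_salt.encode(), 1, 32)
    return b64url(hmac.new(key, base.encode(), hashlib.sha256).digest())

def parse_sealed(sealed: str) -> dict:
    parts = sealed.split("*")
    if len(parts) != 8 or parts[0] != MAC_PREFIX:
        raise ValueError("not an Fe26.2 sealed value")
    return dict(zip(FIELDS, parts))

def verify_sealed(sealed: str, password: str) -> bool:
    f = parse_sealed(sealed)
    base = "*".join(f[name] for name in FIELDS[:6])  # everything the MAC covers
    return hmac.compare_digest(iron_mac(password, f["mac_salt"], base), f["mac"])

def build_sample(password: str) -> str:
    # Constructed sample: fixed salts, zero IV and placeholder ciphertext bytes.
    enc_salt, mac_salt = "ab" * 32, "cd" * 32
    base = "*".join([MAC_PREFIX, "", enc_salt, b64url(bytes(16)),
                     b64url(b"constructed ciphertext bytes"), ""])
    return f"{base}*{mac_salt}*{iron_mac(password, mac_salt, base)}"

if __name__ == "__main__":
    pw = "constructed-password-at-least-32-chars"  # constructed, not a real secret
    sealed = build_sample(pw)
    print({k: v[:16] for k, v in parse_sealed(sealed).items()})
    print("MAC valid:", verify_sealed(sealed, pw))
```

A value that fails `verify_sealed` with the configured password was sealed under a different password or has been altered.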