The plugin then redirects to /app/home location with the same cookie getting in above steps. But its redirecting to keycloak page for authentication - so that means its not considering the cookie valid and not considering that authentication is already done.
The same plugin and its flow worked absolutely fine with opendistro-1.9 with Kibana 7.8.0. We see the issue from opendistro-1.13 and it continues with Opensearch 1.x releases.
If we modify the security plugin code - precisely getCookie method in openid authentication - security-dashboards-plugin/openid_auth.ts to add an extra parameter expires_at in the cookie parameters - that works fine and does not again ask for authentication on accessing /app/home as the cookie is valid.
When we normally login to Opensearch-dashboards UI, it redirects to keycloak for authentication and then redirects to /app/home.
But with internal calls from the plugin, even though authentication was successful, cookie is created with lesser parameters - as a result, it fails to work as expected.
Can you help us understand the root cause of this issue and how can we solve this?
@pablo No, I haven’t tested this with 2.3.0?
Do you see this as an issue in 1.x and any particular change made in 2.3.0 might have solved this?
I am still moving from Opendistro 1.9 to Opendistro 1.13/Opensearch-1.x in my application and cannot directly move to Opensearch 2.x. I still need to be able to support this functionality with 1.x before upgrading to 2.x.
Any inputs on this will be much appreciated…