JWT token size with

jun · January 31, 2023, 12:08pm

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
opensearch : 2.4.3
dashboard : 2.4.3
security : 2.4.3

Describe the issue:
Hi
I have wrong regarding my OpenID Connect setup with our keycloak.

I am using Opensearch Dashboard for v2.4.3. But I just cannot get it to connect via OpenID - no matter what I seem to do it appears to be stuck in a login loop when JWT token size is too much.

I tested it, but if the size of the JWT token is not large, it is normally authenticated.

When using openid authentication, is it affected by the JWT token size?

Relevant Logs or Screenshots:

AESthetix256 · January 31, 2023, 12:35pm

Hello jun,

could you provide some logs from your OpenSearch installation?

Furthermore, is your problem that using JWT Tokens does not work at all, or just with some - longer - tokens?

BR,
Andreas

pablo · January 31, 2023, 12:47pm

@jun Have a look at this issue in OpenSearch GitHub.

github.com/opensearch-project/security

Handle too large cookies gracefully

opened 06:09PM - 10 Apr 20 UTC

Thoro

enhancement question triaged

**Cookies** in browsers are limited to 4096 bytes. I have had the issue with …SAML Authentication that my auth cookie was > 6000 bytes. The issue was that I passed all assigned groups to kibana via the Role attribute (> 50 groups), limiting the groups resolved the issue for me. But it would be nice for kibana to actually be aware of the 4096 bytes cookie, and figure out a way how to **limit it's size**. Maybe just add the actual backend_groups to the cookie instead of all groups? Similar to #374