I’m using kibana with SAML authentication.
For some reason when the user logs in, I get a security_authentication cookie on my browser but the expiry time is set to 1h from the login time.
This means 1h after I logged in, regardless of using or not kibana in between, my session expires.
Is there any way to have this cookie expiration update on every request?
If I’m actively using kibana (or using automatic refreshes) I would expect my session to not expire.
Looking at security-kibana-plugin/Saml.js at 88f7dd343e53fabc466f92b90a9165db105d9b7b · opendistro-for-elasticsearch/security-kibana-plugin · GitHub I can see the following:
if (tokenPayload.exp) {
// The token's exp value trumps the config setting
this.sessionKeepAlive = false;
session.exp = parseInt(tokenPayload.exp, 10);
} else if(this.sessionTTL) {
session.expiryTime = Date.now() + this.sessionTTL
}
but regardless of which settings I use I don’t get my cookie extended.
Also looking at Kibana authentication | Search Guard | Security for Elasticsearch (which I believe is the base for this plugin) it mentions:
searchguard.session.keepalive boolean, if set to true the session lifetime is extended by searchguard.session.ttl upon each request. Default: true
has anybody been able to setup keepalive so every new request refreshes the security cookie?