Query param security_tenant is lost when forwarding to openid

faxmodem · November 29, 2024, 3:54pm

Using OpenSearch/Dashboards 2.18 we have the following issue that we didn’t have before upgrading from 2.11 : using openid connect, the query parameters do not seem to be forwarded to keycloak. This causes problems when linking to dashboards in a specific tenant because the security_tenant query parameter is lost. When checking with curl -I to see what happens to the headers, here is what we see:

In 2.11:

location: /auth/openid/login?nextUrl=%2Fgoto%2F72f15fe59c66240e4e1602041b7b33a7%3Fsecurity_tenant%3Dfoo&security_tenant=

In 2.18:

location: /auth/openid/captureUrlFragment?nextUrl=/goto/72f15fe59c66240e4e1602041b7b33a7

pablo · November 29, 2024, 11:16pm

@faxmodem Could you share your current config.yml?
What is the Keycloak version?

cwperks · December 10, 2024, 9:03pm

This PR should resolve the issue in 2.19: Preserve Query in nextUrl during openid login redirect by KleinSebastian · Pull Request #2140 · opensearch-project/security-dashboards-plugin · GitHub

Topic		Replies	Views
Authorization issue using OpenID (Keycloak) Security	17	1325	November 13, 2023
Dashboard not showing login page with openid and keycloak on AWS Security troubleshoot , configure	7	1184	October 11, 2022
Short URLs no longer seem to honor the security_tenant designation, produces 404 error OpenSearch	1	229	July 28, 2022
OpenSearch Dashboards returning 401 error when using Keycloak as IDP Security	11	3551	August 15, 2023
Infinite redirect loop when trying to secure Opensearch with a keycloak located in the same cluster Security	9	1327	May 31, 2024

Query param security_tenant is lost when forwarding to openid

Related topics