Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
OSE and OSD version: 2.15 (didnt work with 2.13 and 2.14 either)
Browser: Vivaldi
Describe the issue:
User is forced to relogin after browser is closed.
Similar to a recent issue
These options seems to be ignored
‘opensearch_security.cookie.ttl: 86400000’
‘opensearch_security.session.ttl: 86400000’
‘opensearch_security.session.keepalive: true’
I have no issue with frequent logouts, but with that that cookie is set as “session cookie” regardless of what I configure. This also happens when local account is used - only difference is that wiht local login there is one cookie set: security_authentication
With oidc login there is security_authentication AND security_authentication_oidc1.
In both cases the cookie is deleted after browser is closed. If I modify expiration date of cookie, everything work after closing and reopening the browser.
I’ve tried Chrome and Firefox as well :(.
There might be a difference between SAML and OIDC auth flow e.g. SAML might be fixed, but OIDC might not be - at least it looks like it.
I did some more digging and it looks like the values above are not respected when integrating with Azure SAML, you will have to look at the IDP to see if you can adjust TTL.