Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] SamlAuthenticator expects exchange_key to be Base64 encoded #3604

Closed
2 tasks
DarshitChanpura opened this issue Oct 26, 2023 · 0 comments · Fixed by #3605
Closed
2 tasks

[BUG] SamlAuthenticator expects exchange_key to be Base64 encoded #3604

DarshitChanpura opened this issue Oct 26, 2023 · 0 comments · Fixed by #3605
Assignees
@DarshitChanpura
Labels
bug Something isn't working untriaged Require the attention of the repository maintainers and may need to be prioritized

Comments

@DarshitChanpura
Copy link
Member

What is the bug?

The new library switch from cxf to nimbus introduced a change in behavior of the format a key is accepted in. Prior to this change, the key didn't need to be base 64 encoded but with this change.

in 2.11 we don’t expect it to be encoded: https://github.com/opensearch-project/security/blob/2.11/src/main/java/com/amazon/dlic/auth/http/saml/AuthTokenProcessorHandler.java#L255
in main/2.x we expect it to be encoded: https://github.com/opensearch-project/security/blob/2.x/src/main/java/com/amazon/dlic/auth/http/saml/AuthTokenProcessorHandler.java#L255

This implies the library switch PR introduced a breaking change.

How can one reproduce the bug?
Steps to reproduce the behavior:
0. Start Opensearch and Opensearch Dashboards with security plugin installed.

  1. Run saml_auth.test.ts without base64 encoded exchange key
  2. You'll see an exception in opensearch logs: nested: IllegalArgumentException[Illegal base64 character 2d]; Full error logs here.

What is the expected behavior?
Should work without base-64 encoded exchange key.

Exit Criteria:
@DarshitChanpura DarshitChanpura added bug Something isn't working untriaged Require the attention of the repository maintainers and may need to be prioritized labels Oct 26, 2023
@DarshitChanpura DarshitChanpura mentioned this issue Oct 26, 2023
Merged
2 tasks
@DarshitChanpura DarshitChanpura self-assigned this Oct 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@DarshitChanpura DarshitChanpura

Labels
bug Something isn't working untriaged Require the attention of the repository maintainers and may need to be prioritized
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove unneeded decoding from AuthTokenProcessorHandler DarshitChanpura/security
1 participant
@DarshitChanpura