Logout when following a short link from web messengers

Support request

ROR Version: 1.43.0_es7.15.1 enterprise, Enterprise 1.49.1_es7.15.1

Kibana Version: 7.15.1

Elasticsearch Version: 7.15.1

Steps to reproduce the issue
Open the web version of the messenger in your default browser. For example:


Send a message with a short link to kibana
Click on the link, you will be logged out in Kibana, and following the link you will be taken to the authorization window.

If the link is copied and pasted, the error does not reproduce.
Very similar to the problem with Adblock, maybe related.

Actual Result:
Must be logged into Kibana as authorized. Since I logged in to the system earlier.

I can’t create a ticket in the Enterprise Support category, I see the error:
An error occurred: You are not permitted to view the requested resource.

{“customer_id”: “6c4a385b-2ae8-4f02-a9cd-ef24addfb5b3”, “subscription_id”: “32d4073f-dc2f-4056-a868-842727c637cd”}

Adblock problem

Thank you @driveirk for reporting. We’ll try to reproduce this.
I have flagged your user as Enterprise in the forum, so we give you the right priority.

Were you able to reproduce the error or did you encounter any difficulties? Maybe I can help?

Hi @driveirk,

We are a bit busy with support, sorry for the wait. In the meantime, can you tell us how users get authenticated in ROR in your environment? Some ACL and kibana.yml would be appreciated.

Would be useful if you can simplify the test case as follows:

  • does it work ok if link is sent via email?
  • does it work OK when clicking on an <a href="http://…shortlink…"> HTML tag in a random dummy test.html local page?
  • the issue ONLY involves short links? All is fine with non shortened links?
  • does it work ok if link is sent via email?

The problem is reproducible. Use ya.ru and https://outlook.office.com/

  • does it work OK when clicking on an <a href="http://…shortlink…"> HTML tag in a random dummy test.html local page?

It was not possible to reproduce it locally, installed Nginx on the server and added the html file there. And there it was reproduced.

  • the issue ONLY involves short links? All is fine with non shortened links?

With any links.


    readonlyrest:
      audit_collector: true
      audit_serializer: tech.beshu.ror.requestcontext.QueryAuditLogSerializer
      audit_index_template: "'.kcs-readonlyrest-audit-xcs'-yyyy-MM-DD"
      prompt_for_basic_auth: false
      response_if_req_forbidden: Wrong password or try clearing your browser cache
      access_control_rules:
      - name: "Allow unrestricted access to Admin users"
        type: allow
        ldap_authentication:
          name: "ldap-name"
        ldap_authorization:
          name: "ldap-name"
          groups: ["admin-group"]
        kibana_access: unrestricted

Thanks! What about kibana.yml? And are you using a reverse proxy?
Other question: does it happen with incognito mode? Or with another browser? What browser is this?

What about kibana.yml?

server.port: 5601
server.host: ""
elasticsearch.hosts: ["http://localhost:9200"]
server.publicBaseUrl: "http://url"
logging.verbose: false
migrations.enableV2: false
monitoring.enabled: false
console.enabled: true
elasticsearch.username: user
elasticsearch.password: pass

xpack.apm.ui.enabled: true
xpack.spaces.enabled: true
xpack.infra.enabled: true
xpack.security.enabled: false
xpack.ml.enabled: false
xpack.canvas.enabled: false
xpack.apm.enabled: true
xpack.uptime.enabled: false
xpack.graph.enabled: false
xpack.grokdebugger.enabled: true
xpack.reporting.encryptionKey: "kibana key"
xpack.task_manager.max_workers: 60
xpack.task_manager.poll_interval: 1000

logging:
  appenders:
    rolling-file:
      type: rolling-file
      fileName: /var/log/kibana/kibana.log
      policy:
        type: time-interval
        interval: 24h
        modulate: true
      strategy:
        type: numeric
        pattern: '-%i'
        max: 7
      layout:
        type: json
  loggers:
    - name: root
      appenders: [rolling-file]
      level: debug

apm_oss.indexPattern: "*:*-apm-*"
apm_oss.errorIndices: "*:*-apm-*"
apm_oss.onboardingIndices: "*:*-apm-*"
apm_oss.spanIndices: "*:*-apm-*"
apm_oss.transactionIndices: "*:*-apm-*"
apm_oss.metricsIndices: "*:*-apm-*"
apm_oss.sourcemapIndices: "*:*-apm-*"

readonlyrest_kbn.clearSessionOnEvents: ["login"]
readonlyrest_kbn.kibana_custom_css_inject: "[data-test-subj*=spacesNavSelector] { display: none !important } [data-test-subj*=homeLink] { display: none !important } [data-test-subj*=discover-addRuntimeField-popove] { display: none !important } [data-test-subj*=discoverOptionsButton] { display: none !important }"
readonlyrest_kbn.kibana_custom_js_inject: "$('[data-test-subj*=spacesNavSelector]').remove(); $('[data-test-subj*=homeLink]').remove(); $('[data-test-subj=discover-addRuntimeField-popover]').remove(); $('[data-test-subj*=discoverOptionsButton]').remove();"
elasticsearch.requestHeadersWhitelist: ["authorization", "x-forwarded-for", "x-passed-nginx"]
readonlyrest_kbn.cookiePass: "pass"
readonlyrest_kbn.cookieName: "rorCookie"
readonlyrest_kbn.store_sessions_in_index: true
readonlyrest_kbn.sessions_index_name: ".readonlyrest_kibana_tribe_sessions"
readonlyrest_kbn.sessions_refresh_after: 100
readonlyrest_kbn.whitelistedPaths: [".*/api/status$"]
readonlyrest_kbn.sessions_probe_interval_seconds: 600

readonlyrest_kbn.login_html_head_inject: "<style> body {  background: #eee !important;}.ror-logo {  visibility: hidden;}.login > h1 {  margin: 0 auto;  background: url('https://psp.int.com/img/logo.png') no-repeat;  background-position: center center;  background-size: auto;}.ror-logolink {  display: none !important;}#form-username, #form-password {  background: none white !important;  outline: 0;  padding: 10px;  color: #777; text-shadow: none !important;  border: 1px solid #aaa !important;  border-radius: 2px !important;}#form-username:focus, #form-password:focus {  background: none white !important;  color: #777 !important;}.loginButton { color:#fff !important;  text-decoration:none;  font-size:16px;  width:100%;  padding:10px 15px;  background: #1890ff !important;  border:solid 1px #1890ff !important;  border-radius: 2px !important;  -webkit-border-radius: 2px; -moz-border-radius: 2px}.loginButton:hover{  color:#666;  border-color:#40a9ff !important;  background: #40a9ff !important;  border-radius:2px;  -webkit-border-radius:2px;  -moz-border-radius:2px}.ror-footer {  background: #eee!important;  color: #444 !important;}.ror-footer > div > p {  visibility: hidden !important;  position: relative;}.ror-footer > div > p:after {  content: '© 2022';  visibility: visible;  display: block; position:absolute;  top: 0;  left: 0;  width: 100%;  margin: 0 auto;} .message {color: #f7981d;}</style>"

And are you using a reverse proxy?

Usually yes, but where it is not used the problem is also reproduced.

Other question: does it happen with incognito mode?


Or with another browser? What browser is this?

Reproducible issue on Safari, Firefox, Chrome. The problem is also reproduced on other computers. Our users reported the problem.

I see you have already tried to solve the problem, successfully? Did the pre-release from here really help?

Yes I recall in that particular support case, setting sameSite: lax in ror cookies was making the difference. We could reproduce.

@Dzuming do you need any extra info for this case ?

Yes, we introduced a fix for this issue in the ROR 1.51.0 version. As @sscarduzio said, sameSite: lax set during cookie creation fixed the problem. Based on the first message, you use 1.43.0 and 1.49.1, so upgrading ROR will fix the issue.

1 Like
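
The symptom in this thread (session lost when the link is clicked on another site, kept when the URL is pasted) matches how browsers apply the SameSite cookie attribute. The following is an added example, not ROR's code: a simplified model of that browser rule, assuming the session cookie behaved as Strict before the fix; the Kibana host and short-link path are constructed placeholders.

```javascript
// Simplified model of a browser's SameSite decision (added example, not ROR code).
// "Site" here is scheme + last two host labels; real browsers use the Public Suffix List.
function siteOf(url) {
  const u = new URL(url);
  return u.protocol + "//" + u.hostname.split(".").slice(-2).join(".");
}

const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// req.initiator is the page that triggered the request, or null when the user
// typed or pasted the URL into the address bar (no cross-site initiator).
function cookieIsSent(sameSite, req) {
  const crossSite =
    req.initiator !== null && siteOf(req.initiator) !== siteOf(req.url);
  if (!crossSite) return true; // same-site requests always carry the cookie
  switch (sameSite.toLowerCase()) {
    case "strict":
      return false; // never sent on cross-site requests, even link clicks
    case "lax":
      // sent only on top-level navigations that use a safe method
      return req.topLevelNavigation && SAFE_METHODS.has(req.method);
    case "none":
      return true; // browsers additionally require the Secure attribute
    default:
      throw new Error("unknown SameSite value: " + sameSite);
  }
}

const KIBANA = "https://kibana.example.test/goto/abc123"; // constructed placeholder
const WEBMAIL = "https://outlook.office.com/mail/"; // web client named in the thread

// Constructed scenarios: the two cases from the thread plus two CSRF-style requests.
const scenarios = {
  clickedInWebmail: { url: KIBANA, method: "GET", topLevelNavigation: true, initiator: WEBMAIL },
  pastedInAddressBar: { url: KIBANA, method: "GET", topLevelNavigation: true, initiator: null },
  crossSiteFormPost: { url: KIBANA, method: "POST", topLevelNavigation: true, initiator: WEBMAIL },
  crossSiteImage: { url: KIBANA, method: "GET", topLevelNavigation: false, initiator: WEBMAIL },
};

function evaluate(sameSite) {
  const out = {};
  for (const [name, req] of Object.entries(scenarios)) {
    out[name] = cookieIsSent(sameSite, req);
  }
  return out;
}

console.log("strict:", evaluate("strict"));
console.log("lax:   ", evaluate("lax"));
```

With Lax, the clicked link carries the session cookie while the cross-site POST and embedded-resource requests still do not, so the change restores the link behaviour without giving up the cookie's CSRF protection for state-changing requests.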