SSO/SAML Login doesn't redirect to originally requested URL

Version: 6.3.0

We have enterprise SSO/SAML login working well, but there is an issue when users are not already logged in, and they click on a link directly to a dashboard/visualization/search.

e.g., When an unauthenticated user clicks a link to:
https://kibana.company.com/app/kibana#/dashboard/f1ee0dc1-b16b-11e8-abc9-3d84520e2c1d

Kibana will prompt for SSO login. User will log in via SSO.

Then Kibana will always redirect to the “Home” page:
https://kibana.company.com/app/kibana#/home?_g=()

So the link is effectively useless because our users aren’t trained in how to navigate thru Kibana, they just link directly to pre-configured dashboards.

Hy Brady, what version are you using? This bug was fixed 31st of August in the master branch.

Es is 6.3.0. Is there a released RoR version I can use that has the fix?

Hi @bradvido, the cookie-based nextUrl feature is not implemented for Kibana pre-6.6.0. Do you have in mind to update soon to a newer version?

@sscarduzio, We have updated to 6.8.3 now. I am having an issue however. We’ve installed the enterprise plugin of kibana and everything is working except for SAML.

All of the SAML related URLs are giving 404 errors, such as:
/ror_kbn_sso/assert
image

Also
/ror_kbn_sso_saml_serv1/metadata.xml
image

Can you help? I’ve double-checked to make sure the version installed is enterprise kibana plugin:
readonlyrest_kbn_enterprise-1.18.5_es6.8.3.zip

We implemented the multiple-server feature for SAML, now the paths are slightly different. They are anyway printed in Kibana stdout at startup time. You might need to update your SAML IdP settings.

1 Like

@sscarduzio

It seems the url path changed to ror_kbn_sso _saml
Updating to that made SSO/SAML login work :slight_smile:

However, the nextUrl is still not working. I see the cookie being set in the requests, but still only get the home page when logging in.

Here’s three requests related to the SAML login:

And the cookies in each one:

assert POST

login GET

login POST

It seems the cookie is lost in that last response! So I get the default home screen

I do see this in the kibana logs, so I know it’s getting the cookie during the login request:
{"type":"log","@timestamp":"2019-09-12T15:05:37Z","tags":["info","readonlyrest_kbn:loginHandler(DBG)"],"pid":5812,"message":"Found cookie nextUrl: string /app/kibana#/dashboard/f1ee0dc0-b16a-11e8-abc9-3d84500e2c1d"}

1 Like

OK I think I fixed this. Will link to the build in a PM

1 Like