Allow to add query parameters in the log out URL #600
Labels
Comments
yuxitang-amzn
added
bug
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The plugin automatically adds some query parameters to the log out URL, but if query parameters are present in the log out URL provided in
kibana.yml(opendistro_security.openid.logout_url) they are not taken into account.The result is that the URL generated by the plugin is malformed.
For example, if I set my logout URL like this:
https://mydomain.com?foo=bar, the plugin will generate this URL:https://mydomain.com?foo=bar?post_logout_redirect_uri=...&id_token_hint=....The need to add custom query parameters can come from authentication platforms that doesn't follow the OpenID specifications.
For example Auth0 asks for the redirect URL to be under the
returnTokey rather thanpost_logout_redirect_uri.Query parameters that are defined in the configuration should be parsed and added to the final URL generated by the plugin.
EDIT: the URL generation happens here: https://github.com/opendistro-for-elasticsearch/security-kibana-plugin/blob/5a48aad200fa274b727140a7391f304e7f7a625f/server/auth/types/openid/routes.ts#L184-L191
The text was updated successfully, but these errors were encountered: