OpenSearch/x-pack
Tim Vernum 3c17d4379d
Expand logging when SAML Audience condition fails (#45027)
A mismatched configuration between the IdP and SP will often result in
SAML authentication attempts failing because the audience condition is
not met (because the IdP and SP disagree about the correct form of the
SP's Entity ID).

Previously the error message in this case did not provide sufficient
information to resolve the issue because the IdP's expected audience
would be truncated if it exceeeded 32 characters. Since the error did
not provide both IDs in full, it was not possible to determine the
correct fix (in detail) based on the error alone.

This change expands the message that is included in the thrown
exception, and also adds additional logging of every failed audience
condition, with diagnostics of the match failure.

Backport of: #44334
2019-07-31 19:40:17 +10:00
..
dev-tools
docs Document xpack.security.authc.saml.realm for Kibana (#44705) 2019-07-26 09:38:49 +03:00
license-tools [Backport] Remove dependency substitutions 7.x (#42866) 2019-06-04 13:50:23 -07:00
plugin Expand logging when SAML Audience condition fails (#45027) 2019-07-31 19:40:17 +10:00
qa Mute WatcherRestIT 20_minimal_body 2019-07-30 15:58:16 +01:00
snapshot-tool S3 3rd Party Test Goal (#44799) (#45004) 2019-07-30 17:16:41 +02:00
test [Backport] Remove dependency substitutions 7.x (#42866) 2019-06-04 13:50:23 -07:00
transport-client [Backport] Remove dependency substitutions 7.x (#42866) 2019-06-04 13:50:23 -07:00
NOTICE.txt
README.md
build.gradle [Backport] Remove dependency substitutions 7.x (#42866) 2019-06-04 13:50:23 -07:00

README.md

Elastic License Functionality

This directory tree contains files subject to the Elastic License. The files subject to the Elastic License are grouped in this directory to clearly separate them from files licensed under the Apache License 2.0.