[authn] Introduced error for empty login attempt #237611
Merged
elena-shostak merged 9 commits into elastic:main on Oct 8, 2025
elena-shostak commented Oct 7, 2025
Comment on lines +156 to +161
| if ( | ||
| !attempt?.value && | ||
| [OIDCAuthenticationProvider.type, SAMLAuthenticationProvider.type].includes( | ||
| providerType as string | ||
| ) | ||
| ) { |
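Review bot: The guard on `!attempt?.value` gives no in-code reason for being limited to the OIDC and SAML provider types; unless the lines above the `if` already say so, add a short comment explaining why other provider types are exempt, so a later refactor does not widen or drop the provider check. `providerType as string` also silences the type checker instead of narrowing: typing the array as `string[]`, or hoisting it into a named constant, would remove the cast. Finally, `!attempt?.value` is a truthiness test, so an empty string is rejected along with `undefined`; if that is intended, state it in the same comment.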
Contributor
Author
Important
For anonymous login empty attempt.value is a legitimate case, so check for saml/oidc provider is needed
Contributor
Pinging @elastic/kibana-security (Team:Security)
kc13greiner approved these changes Oct 7, 2025
Contributor
kc13greiner left a comment
One question/nit - but PR LGTM!
x-pack/platform/plugins/shared/security/server/authentication/authentication_service.ts
Outdated
Contributor
💚 Build Succeeded
ymao1 pushed a commit to ymao1/kibana that referenced this pull request Oct 8, 2025

## Summary

Issue is coming from the `value` being `undefined` in the [attempt](https://github.com/elastic/kibana/blob/main/x-pack/platform/plugins/shared/security/server/routes/authentication/common.ts). Added a separate error for empty login attempt with saml/oidc providers.

## How to test

Run `node scripts/functional_tests_server --config=x-pack/platform/test/security_functional/oidc.config.ts` and make a request

```bash
curl --location 'http://localhost:5620/internal/security/login' \
--header 'x-elastic-internal-origin: kibana' \
--header 'Kbn-Xsrf: true' \
--header 'Content-Type: text/plain' \
--data '{
  "providerType": "OIDC",
  "providerName": "oidc1",
  "currentURL": "http://localhost:5620/login?next=%2F"
}'
```

Refer to elastic#236579 (comment) for debug details

### Checklist

- [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.

__Closes: https://github.com/elastic/kibana/issues/236579__

### Release Note

Introduced a separate error for empty login attempt with `saml/oidc` providers.
rylnd pushed a commit to rylnd/kibana that referenced this pull request Oct 17, 2025
NicholasPeretti pushed a commit to NicholasPeretti/kibana that referenced this pull request Oct 27, 2025
## Summary

Issue is coming from the `value` being `undefined` in the attempt. Added a separate error for empty login attempt with saml/oidc providers.

## How to test

Run `node scripts/functional_tests_server --config=x-pack/platform/test/security_functional/oidc.config.ts` and make a request

Refer to #236579 (comment) for debug details

### Checklist

- [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the guidelines
- [x] Review the backport guidelines and apply applicable `backport:*` labels.

Closes: #236579

### Release Note

Introduced a separate error for empty login attempt with `saml/oidc` providers.