-
Notifications
You must be signed in to change notification settings - Fork 158
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FEATURE] Automatically login as anonymous #1957
Comments
Users should not be automatically logged in as anonymous. Having said that, this feature can be enabled via feature-flag and can be cluster specific. The original PR fixed an important bug, where after logging out as SAML user it would automatically log you in as anonymous. This is not a good user experience. Reasoning for the observed behavior: When more than one option is passed for multi-auth, the Multi-Auth handler kicks in and the block similar to [2] is not present in [1] - https://github.com/opensearch-project/security-dashboards-plugin/blob/main/server/auth/auth_handler_factory.ts#L64 |
|
@Flyingliuhub There are 2 different scenarios to consider when thinking about what the behavior should be:
In the case of 1) anonymous will be logged in automatically. The log out button does show in the dashboard, but its functionless if anonymous auth is the only sign in option. In the case of 2) what should the behavior be? @DarshitChanpura recently fixed a bug where SAML auth + Anonymous auth were incompatible: #1731 The fix for that issue introduced the change in behavior you are seeing. The behavior now is that if multiple sign in options are configured then it doesn't automatically login and instead displays the sign in options including a button for "Log in as Anonymous". There was a separate bug that @DarshitChanpura addressed when fixing the SAML + Anon incompatibility which was that if a user logged in as a regular user (regular meaning not anonymous, so basic auth user, SAML user, etc) and logged out. On log out they were being automatically logged in as anonymous instead of being presented with the sign on options. @kamingleung Any thoughts on this issue? |
[Triage] @Flyingliuhub @kamingleung do you have any more comments? |
adding @seraphjiang @BionIT here for more comments |
Is your feature request related to a problem?
With a recent PR, some behavior was changed such that when anonymous auth is enabled, anonymous user is no longer automatically logged in. Instead, when visiting OpenSearch Dashboards, users are presented with a login screen. To support public playground usecase, there is an ask to provide a way to go back to the old behavior of automatically login as anonymous.
What solution would you like?
Add a new setting that allows anonymous users to be automatically logged into OpenSearch Dashboards.
What alternatives have you considered?
None
Do you have any additional context?
None
The text was updated successfully, but these errors were encountered: