Search Guard Kibana Plugin 6.x-16
Release Date: 20.11.2018
Security Fixes
- Fixed possible open-redirect on login page when basePath is an empty string
Fixes
- Fix infinite redirect by introducing a loadbalancer URL
  - If a basepath is set, but Kibana was accessed directly (i.e. not using a proxy), the login page would end up in an infinite redirect loop
  - If a loadbalancer URL is set in kibana.yml, Search Guard will redirect to this URL, avoiding the infinite redirect
  - https://github.com/floragunncom/search-guard-kibana-plugin/pull/142
- Fixed “could not locate index pattern” when GLOBAL tenant is disabled
  - Search Guard would falsely return a security exception for certain calls to the .kibana index
  - Prerequisites: the GLOBAL tenant is disabled, no .kibana index is present, and “do not fail on forbidden” is enabled
  - https://github.com/floragunncom/search-guard/commit/bc858dcf16aed828b073d31d8f3a6744e5cf6e85
- Improved check for AJAX requests when session has expired
Features
- Support anonymous access
  - If anonymous access is enabled in Search Guard, users can use Kibana without entering credentials
  - A “login” button is displayed to perform a regular login
  - https://github.com/floragunncom/search-guard-kibana-plugin/pull/139
- Add username to logout button
- Account info overview
- Secondary login button for third party IdPs
  - This feature makes it possible to use Basic Authentication alongside a third-party IdP
  - If enabled, a secondary login button is displayed on the login page, which can be used to redirect to the third-party IdP
  - https://github.com/floragunncom/search-guard-kibana-plugin/pull/145
- Support for IdP-initiated SAML SSO