Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support logging out of projects #162887

Closed
legrego opened this issue Aug 1, 2023 · 2 comments · Fixed by #163154
Closed

Support logging out of projects #162887

legrego opened this issue Aug 1, 2023 · 2 comments · Fixed by #163154
Assignees
@azasypkin
Labels
Feature:Security/Session Management Platform Security - Session Management Project:Serverless Work as part of the Serverless project for its initial release Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!

Comments

@legrego
Copy link
Member

legrego commented Aug 1, 2023

The MVP project experience will not include support for Single Log-out ("SLO"). This means that the cloud console and Kibana will maintain independent sessions, which must be independently managed.

Given this constraint, the user avatar menu should not include an explicit "Logout" link, because that gives the false impression that we are terminating their Elastic Session, but we are in fact only invalidating the Kibana session.

After discussing with @bytebilly, @tsullivan, and @sixstringcode, we have decided on the following:

  1. For serverless projects, we will replace the existing Logout link with a Close project link.
  2. Clicking the Close project link will:
    a) Invalidate the Kibana session (just as our Logout link does today)
    b) Redirect the user to their cloud console, where they can see their project list. This URL can be found via the xpack.cloud.base_url config property, which is already exposed via the cloud.baseUrl property on the cloud plugin's setup contract:

    kibana/x-pack/plugins/cloud/public/plugin.tsx

    Lines 76 to 96 in 02a43a1

    return {
    cloudId: id,
    deploymentId: parseDeploymentIdFromDeploymentUrl(this.config.deployment_url),
    cname,
    baseUrl,
    ...this.getCloudUrls(),
    elasticsearchUrl: decodedId?.elasticsearchUrl,
    kibanaUrl: decodedId?.kibanaUrl,
    cloudHost: decodedId?.host,
    cloudDefaultPort: decodedId?.defaultPort,
    trialEndDate: trialEndDate ? new Date(trialEndDate) : undefined,
    isElasticStaffOwned,
    isCloudEnabled: this.isCloudEnabled,
    isServerlessEnabled: this.isServerlessEnabled,
    serverless: {
    projectId: this.config.serverless?.project_id,
    },
    registerCloudService: (contextProvider) => {
    this.contextProviders.push(contextProvider);
    },
    };
@legrego legrego added Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! Feature:Security/Session Management Platform Security - Session Management Project:Serverless Work as part of the Serverless project for its initial release labels Aug 1, 2023
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security (Team:Security)

@azasypkin azasypkin mentioned this issue Aug 4, 2023
Merged
@azasypkin
Copy link
Member

azasypkin commented Aug 4, 2023
edited
Loading

Redirect the user to their cloud console, where they can see their project list. This URL can be found via the xpack.cloud.base_url config property, which is already exposed via the cloud.baseUrl property on the cloud plugin's setup contract:

Small correction, we need cloud.baseUrl or the upcoming cloud.projectsUrl on the server-side, but it's currently only exposed on the client side. We're asking to expose this information on the server-side as well in https://github.com/elastic/kibana/pull/163076/files#r1284523872

UPDATE: It has been resolved in #163379

@azasypkin azasypkin mentioned this issue Aug 7, 2023
Merged
@azasypkin azasypkin self-assigned this Aug 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@azasypkin azasypkin

Labels
Feature:Security/Session Management Platform Security - Session Management Project:Serverless Work as part of the Serverless project for its initial release Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Support logging out of Serverless projects. azasypkin/kibana
3 participants
@azasypkin @legrego @elasticmachine