
[Backport 2.x] Preserve Query in nextUrl during openid login redirect #1538


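# End-to-end SAML login tests: writes a security-plugin config and a Dashboards
# config to disk, then hands both to the repository's local run-cypress-tests
# action, once without a base path and once with "/osd".
name: Snapshot based E2E SAML tests workflow
on: [push, pull_request]

# Least privilege for GITHUB_TOKEN: the steps visible in this file only check
# out the repository.
# NOTE(review): the local run-cypress-tests action is not shown here; widen
# this block if that action turns out to need more than read access.
permissions:
  contents: read

env:
  OPENSEARCH_VERSION: '2.12.0'
  CI: 1
  # avoid warnings like "tput: No value for $TERM and no -T specified"
  TERM: xterm
  PLUGIN_NAME: opensearch-security
  # Fixed test-only credential, committed in clear text on purpose. It must
  # never be reused outside this throwaway CI cluster.
  OPENSEARCH_INITIAL_ADMIN_PASSWORD: 'myStrongPassword123!'

jobs:
  tests:
    name: Run Cypress E2E SAML tests
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest]
        # "" exercises Dashboards at the root, "/osd" behind a base path.
        basePath: ["", "/osd"]
    runs-on: ${{ matrix.os }}
    steps:
      # actions/checkout is referenced by a mutable tag. Pinning it to a full
      # commit SHA would stop a retargeted tag from changing what runs here.
      - name: Checkout Branch
        uses: actions/checkout@v3

      # Add SAML Configuration
      # Test-only security settings: the IdP metadata is fetched over plain
      # HTTP from localhost and the exchange_key is a fixed value committed to
      # the repository. Neither is acceptable outside an isolated CI runner.
      # ${{ matrix.basePath }} is substituted by Actions into the script text
      # before bash runs (the quoted 'EOT' only stops shell expansion). That is
      # fine for the fixed matrix values above, but event-derived data must not
      # be interpolated into a script this way.
      - name: Create SAML Configuration for Linux
        if: ${{ runner.os == 'Linux'}}
        run: |
          echo "Creating new SAML configuration"
          cat << 'EOT' > config_saml.yml
          ---
          _meta:
            type: "config"
            config_version: 2
          config:
            dynamic:
              http:
                anonymous_auth_enabled: false
              authc:
                basic_internal_auth_domain:
                  description: "Authenticate via HTTP Basic against internal users database"
                  http_enabled: true
                  transport_enabled: true
                  order: 0
                  http_authenticator:
                    type: basic
                    challenge: false
                  authentication_backend:
                    type: intern
                saml_auth_domain:
                  http_enabled: true
                  transport_enabled: false
                  order: 1
                  http_authenticator:
                    type: saml
                    challenge: true
                    config:
                      idp:
                        entity_id: urn:example:idp
                        metadata_url: http://localhost:7000/metadata
                      sp:
                        entity_id: https://localhost:9200
                      kibana_url: http://localhost:5601${{ matrix.basePath }}
                      exchange_key: 6aff3042-1327-4f3d-82f0-40a157ac4464
                  authentication_backend:
                    type: noop
          EOT

      # Configure the Dashboard for SAML setup
      # Deliberately weakened for the local test cluster: TLS certificate
      # verification towards OpenSearch is off (verificationMode: none), the
      # session cookie is not marked Secure, and the service account password
      # equals its user name. The SAML endpoints are exempted from XSRF checks
      # through server.xsrf.allowlist. Do not copy these values into a real
      # deployment.
      - name: Configure and Run OpenSearch Dashboards with SAML Configuration
        if: ${{ runner.os == 'Linux' }}
        run: |
          cat << 'EOT' > opensearch_dashboards_saml.yml
          server.host: "localhost"
          opensearch.hosts: ["https://localhost:9200"]
          opensearch.ssl.verificationMode: none
          opensearch.username: "kibanaserver"
          opensearch.password: "kibanaserver"
          opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
          opensearch_security.multitenancy.enabled: true
          opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
          opensearch_security.readonly_mode.roles: ["kibana_read_only"]
          opensearch_security.cookie.secure: false
          server.xsrf.allowlist: ["/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/acs/idpinitiated", "/_opendistro/_security/saml/logout"]
          opensearch_security.auth.type: ["saml"]
          opensearch_security.auth.multiple_auth_enabled: true
          opensearch_security.auth.anonymous_auth_enabled: false
          home.disableWelcomeScreen: true
          EOT

      # The matrix value reaches the shell through an environment variable
      # instead of being spliced into the script text, so bash treats it as
      # data. The appended lines are the same as before.
      - name: Run OSD with basePath
        if: ${{ matrix.basePath != '' }}
        env:
          BASE_PATH: ${{ matrix.basePath }}
        run: |
          echo "server.basePath: \"${BASE_PATH}\"" >> opensearch_dashboards_saml.yml
          echo "server.rewriteBasePath: true" >> opensearch_dashboards_saml.yml

      # Exactly one of the next two steps runs per matrix entry, selected by
      # whether basePath is empty.
      - name: Run Cypress Tests with basePath
        if: ${{ matrix.basePath != '' }}
        uses: ./.github/actions/run-cypress-tests
        with:
          security_config_file: config_saml.yml
          dashboards_config_file: opensearch_dashboards_saml.yml
          yarn_command: 'yarn cypress:run --browser chrome --headless --spec "test/cypress/e2e/saml/*.js" --env basePath=${{ matrix.basePath }}'
          osd_base_path: ${{ matrix.basePath }}

      - name: Run Cypress Tests
        if: ${{ matrix.basePath == '' }}
        uses: ./.github/actions/run-cypress-tests
        with:
          security_config_file: config_saml.yml
          dashboards_config_file: opensearch_dashboards_saml.yml
          yarn_command: 'yarn cypress:run --browser chrome --headless --spec "test/cypress/e2e/saml/*.js"'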