You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In v2.15 the redirect to a goto dashboard with OIDC and custom security_tenant redirects back with an Internal 500 error due to missing security_tenant property in the URL.
How can one reproduce the bug?
Steps to reproduce the behavior:
Create a short URL from a dashboard like inside a custom tenant such as "test": goto/1234586f487e962d0dffb912345?security_tenant=test
Start a new OpenSearch Dashboards session with clean cookies.
Access the /goto/* URL and go via the OIDC login page
In the web browser after the redirect you can see
{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred."}
due to missing ?security_tenant
5. See the error in the opensearch dashboard logs:
{"type":"log","@timestamp":"2024-11-29T11:13:22Z","tags":["error","http","server","OpenSearchDashboards"],"pid":969180,"message":"TypeError: Cannot read properties of undefined (reading 'location')\n
at addTenantParameterToResolvedShortLink (/usr/share/opensearch-dashboards/plugins/securityDashboards/server/multitenancy/tenant_resolver.ts:213:46)\n at /usr/share/opensearch-dashboards/plugins/sec
urityDashboards/server/plugin.ts:140:46\n at interceptPreResponse (/usr/share/opensearch-dashboards/src/core/server/http/lifecycle/on_pre_response.js:107:30)\n at exports.Manager.execute (/usr/sha
re/opensearch-dashboards/node_modules/@hapi/hapi/lib/toolkit.js:57:29)\n at Request._invoke (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:398:55)\n at processTicksAndRej
ections (node:internal/process/task_queues:95:5)\n at Request._postCycle (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:469:32)\n at Request._reply (/usr/share/opensearch
-dashboards/node_modules/@hapi/hapi/lib/request.js:448:9)"}
{"type":"error","@timestamp":"2024-11-29T11:13:22Z","tags":[],"pid":969180,"level":"error","error":{"message":"Internal Server Error","name":"Error","stack":"Error: Internal Server Error\n at HapiRes
ponseAdapter.toInternalError (/usr/share/opensearch-dashboards/src/core/server/http/router/response_adapter.js:69:19)\n at interceptPreResponse (/usr/share/opensearch-dashboards/src/core/server/http/
lifecycle/on_pre_response.js:139:34)\n at exports.Manager.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/toolkit.js:57:29)\n at Request._invoke (/usr/share/opensearch-dashbo
ards/node_modules/@hapi/hapi/lib/request.js:398:55)\n at processTicksAndRejections (node:internal/process/task_queues:95:5)\n at Request._postCycle (/usr/share/opensearch-dashboards/node_modules/@
hapi/hapi/lib/request.js:469:32)\n at Request._reply (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:448:9)"},"url":"http://localhost:XXXX/goto/123451234512345","message":"Internal Server Error"}
(...)
"connection":"Keep-Alive","securitytenant":""},"remoteAddress":"::1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) C
hrome/131.0.0.0 Safari/537.36"},"res":{"statusCode":500,"responseTime":23,"contentLength":9},"message":"GET
What is the expected behavior?
Redirect to goto/1234586f487e962d0dffb912345?security_tenant=test with the ?security_tenant=test instead.
This works when used explicitly after the OIDC session has been initialized.
What is the bug?
In v2.15 the redirect to a goto dashboard with OIDC and custom security_tenant redirects back with an Internal 500 error due to missing security_tenant property in the URL.
How can one reproduce the bug?
Steps to reproduce the behavior:
goto/1234586f487e962d0dffb912345?security_tenant=test
due to missing ?security_tenant
5. See the error in the opensearch dashboard logs:
What is the expected behavior?
Redirect to goto/1234586f487e962d0dffb912345?security_tenant=test with the ?security_tenant=test instead.
This works when used explicitly after the OIDC session has been initialized.
What is your host/environment?
The text was updated successfully, but these errors were encountered: