Fix OIDC looping issue - too many redriects

[aoguan1990]

Signed-off-by: Aozixuan Priscilla Guan [email protected]

Description

Customized error handling mechanism based on the error message for OIDC routing

Category

Bug fix

Why these changes are required?

Resolve redirect login looping issues when authentication failures detected.

What is the old behavior before changes and new behavior after changes?

Old Behavior:

Any exceptions caught during the OIDC authentication process causes redirecting login infinitely.

New Behavior:
If error message includes "authentication error": => return 401: unauthorized
Else: redirect to login

Issues Resolved

#990

Testing

unit testing and integration testing

Check List

• New functionality includes testing
• New functionality has been documented
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[cliu123]

@aoguan1990 Great contribution! Please sign the commit and add tests for the fix.

[aoguan1990]

@aoguan1990 Great contribution! Please sign the commit and add tests for the fix.

@cliu123 Unit test and commit issues are fixed. Please advice when we can resolve the integration test blocker.

[cliu123]

@aoguan1990 Thanks for resoving these issues! Could you please add tests for the fix? Without the fix, the test should fail. With the fix, the test should pass.

[seraphjiang]

I saw integration test failed on download 2.1 security artifacts. do we have 2.1 artifacts now?

https://ci.opensearch.org/ci/dbc/distribution-build-opensearch/2.1.0/3911/linux/x64/tar/builds/opensearch/plugins/opensearch-security-2.1.0.0.zip

Run wget -O opensearch-security.zip https://ci.opensearch.org/ci/dbc/distribution-build-opensearch/2.1.0/latest/linux/x64/tar/builds/opensearch/plugins/opensearch-security-2.1.0.0.zip
--2022-06-21 21:53:44--  https://ci.opensearch.org/ci/dbc/distribution-build-opensearch/2.1.0/latest/linux/x64/tar/builds/opensearch/plugins/opensearch-security-2.1.0.0.zip
Resolving ci.opensearch.org (ci.opensearch.org)... 52.84.125.21, 52.84.125.109, 52.84.125.1[7](https://github.com/opensearch-project/security-dashboards-plugin/runs/6993741182?check_suite_focus=true#step:3:8), ...
Connecting to ci.opensearch.org (ci.opensearch.org)|52.84.125.21|:443... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: /ci/dbc/distribution-build-opensearch/2.1.0/3911/linux/x64/tar/builds/opensearch/plugins/opensearch-security-2.1.0.0.zip [following]
--2022-06-21 21:53:44--  https://ci.opensearch.org/ci/dbc/distribution-build-opensearch/2.1.0/3911/linux/x64/tar/builds/opensearch/plugins/opensearch-security-2.1.0.0.zip
Reusing existing connection to ci.opensearch.org:443.
HTTP request sent, awaiting response... 403 Forbidden
2022-06-21 21:53:45 ERROR 403: Forbidden.
Error: Process completed with exit code [8](https://github.com/opensearch-project/security-dashboards-plugin/runs/6993741182?check_suite_focus=true#step:3:9).

[cliu123]

@seraphjiang This is an known issue. 2.1.0 build failed, so the artifact hasn't been available yet. This PR needs to wait for the artifact.
@zelinh @gaiksaya When is the 2.1.0 artifact expected to be available?

[DarshitChanpura]

@opensearch-project/security Can we get a second review for this?

[cliu123]

@aoguan1990 @seraphjiang Thanks for the contribution!

[peternied]

@aoguan1990 I know this was merged, but I do not see test modifications in the pull request, could you make another pull request to include them?

[aoguan1990]

@aoguan1990 I know this was merged, but I do not see test modifications in the pull request, could you make another pull request to include them?

@peternied Due to the technical challenge, our existing test framework does not include test cases for OIDC authentication. As per discussion with @seraphjiang and @zengyan-amazon, we can revisit the OIDC test case issue later. So closed the issue #990 for now.