From f6d1e6846a0739d0ff20419c6a042360ab614609 Mon Sep 17 00:00:00 2001 From: Andrey Pleskach Date: Thu, 30 Jan 2025 12:51:50 +0100 Subject: [PATCH] Replace _opendistro route to _plugins --- .github/workflows/cypress-test-multiauth-e2e.yml | 2 +- .github/workflows/cypress-test-saml-e2e.yml | 2 +- server/auth/types/saml/routes.ts | 8 ++++---- test/jest_integration/runIdpServer.js | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/cypress-test-multiauth-e2e.yml b/.github/workflows/cypress-test-multiauth-e2e.yml index bb7985f9b..e4a9376a9 100644 --- a/.github/workflows/cypress-test-multiauth-e2e.yml +++ b/.github/workflows/cypress-test-multiauth-e2e.yml @@ -83,7 +83,7 @@ jobs: opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"] opensearch_security.readonly_mode.roles: ["kibana_read_only"] opensearch_security.cookie.secure: false - server.xsrf.allowlist: ["/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/acs/idpinitiated", "/_opendistro/_security/saml/logout"] + server.xsrf.allowlist: ["/_plugins/_security/saml/acs", "/_plugins/_security/saml/acs/idpinitiated", "/_plugins/_security/saml/logout"] opensearch_security.auth.type: ["basicauth","saml"] opensearch_security.auth.multiple_auth_enabled: true opensearch_security.auth.anonymous_auth_enabled: false diff --git a/.github/workflows/cypress-test-saml-e2e.yml b/.github/workflows/cypress-test-saml-e2e.yml index 3025c2cde..369bef986 100644 --- a/.github/workflows/cypress-test-saml-e2e.yml +++ b/.github/workflows/cypress-test-saml-e2e.yml @@ -83,7 +83,7 @@ jobs: opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"] opensearch_security.readonly_mode.roles: ["kibana_read_only"] opensearch_security.cookie.secure: false - server.xsrf.allowlist: ["/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/acs/idpinitiated", "/_opendistro/_security/saml/logout"] + server.xsrf.allowlist: ["/_plugins/_security/saml/acs", "/_plugins/_security/saml/acs/idpinitiated", "/_plugins/_security/saml/logout"] opensearch_security.auth.type: ["saml"] opensearch_security.auth.multiple_auth_enabled: true opensearch_security.auth.anonymous_auth_enabled: false diff --git a/server/auth/types/saml/routes.ts b/server/auth/types/saml/routes.ts index 0e01803c1..6035b9996 100644 --- a/server/auth/types/saml/routes.ts +++ b/server/auth/types/saml/routes.ts @@ -101,7 +101,7 @@ export class SamlAuthRoutes { this.router.post( { - path: `/_opendistro/_security/saml/acs`, + path: `/_plugins/_security/saml/acs`, validate: { body: schema.any(), }, @@ -200,7 +200,7 @@ export class SamlAuthRoutes { this.router.post( { - path: `/_opendistro/_security/saml/acs/idpinitiated`, + path: `/_plugins/_security/saml/acs/idpinitiated`, validate: { body: schema.any(), }, @@ -209,7 +209,7 @@ export class SamlAuthRoutes { }, }, async (context, request, response) => { - const acsEndpoint = `${this.coreSetup.http.basePath.serverBasePath}/_opendistro/_security/saml/acs/idpinitiated`; + const acsEndpoint = `${this.coreSetup.http.basePath.serverBasePath}/_plugins/_security/saml/acs/idpinitiated`; try { const credentials = await this.securityClient.authToken({ requestId: undefined, @@ -328,7 +328,7 @@ export class SamlAuthRoutes { } ); - // Once the User is authenticated via the '_opendistro/_security/saml/acs' route, + // Once the User is authenticated via the '_plugins/_security/saml/acs' route, // the browser will be redirected to '/auth/saml/redirectUrlFragment' route, // which will execute the redirectUrlFragment.js. this.coreSetup.http.resources.register( diff --git a/test/jest_integration/runIdpServer.js b/test/jest_integration/runIdpServer.js index 13149dbd5..f40500c70 100644 --- a/test/jest_integration/runIdpServer.js +++ b/test/jest_integration/runIdpServer.js @@ -31,7 +31,7 @@ const argv = minimist(process.argv.slice(2), { // Create certificate pair on the fly and pass it to runServer runServer({ - acsUrl: `http://localhost:5601${argv.basePath}/_opendistro/_security/saml/acs`, + acsUrl: `http://localhost:5601${argv.basePath}/_plugins/_security/saml/acs`, audience: 'https://localhost:9200', cert: pems.cert, key: pems.private.toString().replace(/\r\n/, '\n'),