Option to continue session if browser / tab is closed · elastic/kibana#36573

(4 Kommentare) (7 Reaktionen) (0 zugewiesene Personen)TypeScript (19.065 Stars) (8.021 Forks)batch import

Feature:Security/AuthenticationTeam:Securityenhancementgood first issue

Beschreibung

With xpack.security.sessionTimeout, you can extend the session timeout but it will always log out if the tab or browser window is closed. There are many systems (Slack, Skype, etc.) that connect via SSO that will keep the connectivity because the login credentials are kept by the system.

The original user making this request is hooking up Kibana/Elastic to SAML, and are finding that browser restarts always invalidate their sessions. This is as-designed per https://www.elastic.co/guide/en/kibana/current/security-settings-kb.html, but this user would like to have that behavior changed or changeable.

Contributor Guide

Tech Stack: typescriptreactnodejs
Domain: backendsecurityauthentication
Issue Type: feature
Schwierigkeit: 3
Geschätzte Zeit: 1-2 days
Aktivitätsstatus: stale
Klarheit: mostly clear
Voraussetzungen: Understanding of Kibana session managementKnowledge of SAML authentication
Einsteigerfreundlichkeit: 30
Research-Richtung: Review the current session timeout implementation in Kibana, specifically the xpack.security.sessionTimeout setting and how SAML sessions are handled. Investigate how other systems like Slack persist sessions across browser restarts. Check linked issues and comments for any proposed solutions or related work.