Programmatically disable XSRF protection for certain SAML/OpenID Connect routes #59002
Labels: enhancement, Feature:Security/Authentication, Team:Security
Once this PR lands we'll be able to define some of our routes as ones that don't need to check XSRF-protection headers. Here is what we need to do in the scope of this issue:
- xsrfRequired: false for SAML callback route
- xsrfRequired: false OpenID Connect route for the 3rd-party initiated login
- server.xsrf.whitelist configuration in the docs (7.7+, basically just don't mention this config in docs anymore)
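The per-route opt-out described in this issue, modelled as an added sketch that is not Kibana's code: the identity provider delivers its response through a browser form POST, which cannot carry a custom XSRF header, so only those routes are exempted while every other state-changing route keeps the check. The route paths, header name and helper names below are assumptions made for the example.

```javascript
// Simplified model of header-based XSRF protection with a per-route opt-out.
// Paths, header name and function names are constructed for illustration.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);
const XSRF_HEADER = 'x-example-xsrf'; // assumed header name

// Constructed route table: only the IdP-facing endpoints opt out.
const routes = [
  { method: 'POST', path: '/example/saml/callback', options: { xsrfRequired: false } },
  { method: 'POST', path: '/example/oidc/initiate_login', options: { xsrfRequired: false } },
  { method: 'POST', path: '/example/saved_objects', options: {} },
];

// Decide whether a request may proceed. xsrfRequired defaults to true,
// so a route is exempt only when it says so explicitly.
function checkXsrf(route, request) {
  if (SAFE_METHODS.has(request.method)) {
    return { allowed: true, reason: 'safe method' };
  }
  if (route.options.xsrfRequired === false) {
    return { allowed: true, reason: 'route opted out' };
  }
  const hasHeader = Object.keys(request.headers || {})
    .some((name) => name.toLowerCase() === XSRF_HEADER);
  return hasHeader
    ? { allowed: true, reason: 'header present' }
    : { allowed: false, reason: 'missing xsrf header' };
}

// Match the request to a route, then apply the check before any handler runs.
function dispatch(request) {
  const route = routes.find(
    (r) => r.method === request.method && r.path === request.path
  );
  if (!route) return { status: 404, reason: 'no route' };
  const verdict = checkXsrf(route, request);
  return { status: verdict.allowed ? 200 : 400, reason: verdict.reason };
}

// Review aid: list every state-changing route that skips the check, so the
// set of exemptions lives next to the route definitions and can be audited.
function auditExemptions(table) {
  return table
    .filter((r) => !SAFE_METHODS.has(r.method) && r.options.xsrfRequired === false)
    .map((r) => r.path);
}
```

Keeping the exemption on the route definition, rather than in a global whitelist setting, means a test can pin the output of `auditExemptions` and fail when a new route opts out unreviewed.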