Bug 1836410

Summary: Kibana Logout Function Does not log off user
Product: OpenShift Container Platform Reporter: Jeff Cantrill <jcantril>
Component: LoggingAssignee: Jeff Cantrill <jcantril>
Status: CLOSED ERRATA QA Contact: Anping Li <anli>
Severity: low Docs Contact:
Priority: urgent    
Version: 4.5CC: anli, aos-bugs, eparis, mmcneill
Target Milestone: ---   
Target Release: 4.5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-07-13 17:39:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1823305    

Description Jeff Cantrill 2020-05-15 20:11:30 UTC 
This bug was initially created as a copy of Bug #1823305

I am copying this bug because: 



Description of problem:

The logout function doesn't work properly in Kibana. After the user is logged out from the Kibana dashboard, user will be able to login again in the new tab again without having to put in the login credentials.

Version-Release number of selected component (if applicable):

OpenShift version
Server Version: 4.2.14
Kubernetes Version: v1.14.6+b294fe5

How reproducible: Always


Steps to Reproduce:
1. Login to the kibana console
2. Logout from the kibana 
3. Open the <Kibana route> again in the new tab of the browser, and you will be logged in automatically.

Actual results:
Kibana console is not asking for the Login credentials after logging out.

Expected results:
Kibana Console should ask for the login ID & password after logging out from a previous session.

Additional info:

1] Kibana is installed with the EFK stack (Cluster Logging operator).
2] Customer has checked opening the kibana in browser's incogito window too but still they are able to open the kibana dashboard without entering the credentials.

One more  point in the Additional Info about the incognito window behavior:

3] It is not that when user log out from Kibana and try to access the same Kibana in incognito mode, we still get redirected. In that case, we are asked to enter the password. But when we log out from Kibana in an incognito browser and try to access Kibana in the same incognito browser, we can access the GUI even without login again. So basically we experience the same behavior either in a normal browser or incognito browser.
Comment 1 Jeff Cantrill 2020-05-15 20:12:30 UTC 
Moving straight to modified given there is no logoff button for 4.5 but this blocks 1836002
Comment 11 Jeff Cantrill 2020-05-21 01:27:20 UTC 
This BZ does not block 1836002
Comment 12 errata-xmlrpc 2020-07-13 17:39:24 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409