1836410 – Kibana Logout Function Does not log off user

Bug 1836410 - Kibana Logout Function Does not log off user

Summary: Kibana Logout Function Does not log off user

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Logging
Sub Component:
Version:	4.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	low
Target Milestone:	---
Target Release:	4.5.0
Assignee:	Jeff Cantrill
QA Contact:	Anping Li
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1823305
TreeView+	depends on / blocked

Reported:	2020-05-15 20:11 UTC by Jeff Cantrill
Modified:	2020-07-13 17:39 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-07-13 17:39:24 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2020:2409	0	None	None	None	2020-07-13 17:39:42 UTC

Description Jeff Cantrill 2020-05-15 20:11:30 UTC

This bug was initially created as a copy of Bug #1823305

I am copying this bug because:

Description of problem:

The logout function doesn't work properly in Kibana. After the user is logged out from the Kibana dashboard, user will be able to login again in the new tab again without having to put in the login credentials.

Version-Release number of selected component (if applicable):

OpenShift version
Server Version: 4.2.14
Kubernetes Version: v1.14.6+b294fe5

How reproducible: Always

Steps to Reproduce:
1. Login to the kibana console
2. Logout from the kibana
3. Open the <Kibana route> again in the new tab of the browser, and you will be logged in automatically.

Actual results:
Kibana console is not asking for the Login credentials after logging out.

Expected results:
Kibana Console should ask for the login ID & password after logging out from a previous session.

Additional info:

1] Kibana is installed with the EFK stack (Cluster Logging operator).
2] Customer has checked opening the kibana in browser's incogito window too but still they are able to open the kibana dashboard without entering the credentials.

One more point in the Additional Info about the incognito window behavior:

3] It is not that when user log out from Kibana and try to access the same Kibana in incognito mode, we still get redirected. In that case, we are asked to enter the password. But when we log out from Kibana in an incognito browser and try to access Kibana in the same incognito browser, we can access the GUI even without login again. So basically we experience the same behavior either in a normal browser or incognito browser.

Comment 1 Jeff Cantrill 2020-05-15 20:12:30 UTC

Moving straight to modified given there is no logoff button for 4.5 but this blocks 1836002

Comment 11 Jeff Cantrill 2020-05-21 01:27:20 UTC

This BZ does not block 1836002

Comment 12 errata-xmlrpc 2020-07-13 17:39:24 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409

Note You need to log in before you can comment on or make changes to this bug.