[Breaking change] Provide sensible defaults for xpack.security.session.{lifespan|idleTimeout} #81747

Closed
legrego opened this issue Oct 27, 2020 · 4 comments
Labels
Breaking Change Feature:Upgrade Assistant NeededFor:Security Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!

Comments

@legrego
Member

legrego commented Oct 27, 2020

Change description

Which release will ship the breaking change?

8.0

Describe the change. How will it manifest to users?

When security is enabled, the default behavior is to create sessions without an idle timeout or a lifetime. This means that once a user is logged in, their session will remain active until they manually log out, or clear their browser session.

As discussed in #68885, we would like to change the default configuration to provide sensible defaults so that all sessions will have both an idle timeout and a lifespan.

How many users will be affected?

Users who do not specify their own xpack.security.session.idleTimeout or xpack.security.session.lifespan will suddenly find themselves with our defaults applied. If they wish to restore the existing behavior, then they will need to adjust their kibana.yml manually.

What can users do to address the change manually?

Update their kibana.yml to adjust the session timeout/lifespan

How could we make migration easier with the Upgrade Assistant?

I don't think this is something that warrants a custom UI, but having the deprecation warning appear in the UA would be beneficial.

Are there any edge cases?

Test Data

Provide test data. We can’t build a solution without data to test it against.

Cross links

Cross-link to relevant Elasticsearch breaking changes.
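
As an added example (not part of the original issue or of Kibana's code), a small pre-upgrade check that reports which of the two session settings a kibana.yml leaves unset, and which will therefore pick up the new defaults. It assumes a simple key/value kibana.yml in dotted or nested form; the function names and sample configs are constructed for illustration.

```python
# Added example: flag Kibana session settings left to the defaults.
SESSION_KEYS = (
    "xpack.security.session.idleTimeout",
    "xpack.security.session.lifespan",
)

def flatten_kibana_yml(text):
    """Flatten nested and dotted mapping keys to dotted paths (scalars only).

    Handles plain key/value mappings, not full YAML (no anchors, multi-line
    strings or flow mappings); list items are skipped.
    """
    flat, stack = {}, []  # stack entries: (indent, dotted prefix)
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()  # drop trailing comments
        stripped = line.lstrip()
        if not stripped or stripped.startswith(("#", "-")) or ":" not in stripped:
            continue
        indent = len(line) - len(stripped)
        while stack and stack[-1][0] >= indent:  # leave deeper/sibling blocks
            stack.pop()
        key, _, value = stripped.partition(":")
        path = (stack[-1][1] if stack else "") + key.strip()
        value = value.strip().strip("'\"")
        if value:
            flat[path] = value
        else:
            stack.append((indent, path + "."))  # parent of a nested block
    return flat

def unset_session_keys(text):
    """Return the session keys that kibana.yml does not set explicitly."""
    flat = flatten_kibana_yml(text)
    return [k for k in SESSION_KEYS if k not in flat]

# Constructed sample configs; the values "1h" and "30d" are illustrative.
DOTTED_ONLY_IDLE = 'server.port: 5601\nxpack.security.session.idleTimeout: "1h"\n'
NESTED_BOTH = """\
xpack:
  security:
    session:
      idleTimeout: 1h   # nested form
      lifespan: 30d
"""

if __name__ == "__main__":
    for name, cfg in (("dotted", DOTTED_ONLY_IDLE), ("nested", NESTED_BOTH)):
        missing = unset_session_keys(cfg)
        print(name, "-> inherits defaults for:", missing or "nothing")
```
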

@legrego legrego added Team:Kibana Management Dev Tools, Index Management, Upgrade Assistant, ILM, Ingest Node Pipelines, and more Feature:Upgrade Assistant Breaking Change labels Oct 27, 2020
@elasticmachine
Contributor

Pinging @elastic/es-ui (Team:Elasticsearch UI)

@legrego legrego added the Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! label Oct 27, 2020
@elasticmachine
Contributor

Pinging @elastic/kibana-security (Team:Security)

@kobelb kobelb added NeededFor:Security and removed Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! labels Oct 28, 2020
@legrego legrego added the Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! label Nov 3, 2020
@alisonelizabeth alisonelizabeth removed the Team:Kibana Management Dev Tools, Index Management, Upgrade Assistant, ILM, Ingest Node Pipelines, and more label Apr 19, 2021
@alisonelizabeth
Contributor

I'm going to remove the Elasticsearch UI team label. This deprecation should be registered by the plugin owner via the core deprecations service (#94845). All registered deprecations will be displayed in the Upgrade Assistant (to be implemented via #97159). Feel free to reach out to myself or the core team with any questions!

@legrego
Member Author

legrego commented Aug 3, 2021

Resolved via #106061
