Commit 51184287 authored by Jochen Kressin's avatar Jochen Kressin

check default tenant also for SSO

parent 6ee2bd4d
......@@ -175,7 +175,7 @@ export default class SearchGuardBackend {
return null;
}
if (tenants[requestedTenant]) {
if (tenants[requestedTenant] != undefined) {
return requestedTenant;
}
......
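Review bot: The lookup `tenants[requestedTenant]` also resolves names inherited from `Object.prototype`, so a value such as `constructor` satisfies `!= undefined` without being one of the user's tenants (this takes the `!= undefined` line as the new side of the change). If `tenants` is a plain object and `requestedTenant` can originate from the `sg_tenant` query parameter, test own keys only: `if (Object.prototype.hasOwnProperty.call(tenants, requestedTenant)) {`. That form still accepts tenants whose stored value is `false`, which appears to be the intent of the change. The enclosing method starts and ends outside the hunk.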
......@@ -22,6 +22,7 @@ export default function (pluginRoot, server, APP_ROOT, API_ROOT) {
const basePath = config.get('server.basePath');
const global_enabled = config.get("searchguard.multitenancy.tenants.enable_global");
const private_enabled = config.get("searchguard.multitenancy.tenants.enable_private");
const preferredTenants = config.get("searchguard.multitenancy.tenants.preferred");
const backend = server.plugins.searchguard.getSearchGuardBackend();
server.ext('onPostAuth', async function (request, next) {
......@@ -31,11 +32,23 @@ export default function (pluginRoot, server, APP_ROOT, API_ROOT) {
// check for tenant in request
if (request.query && request.query.sg_tenant) {
let requestedTenant = request.query.sg_tenant;
let response = await backend.authinfo(request.headers);
selectedTenant = backend.validateTenant(response.user_name, requestedTenant, response.sg_tenants, global_enabled, private_enabled);
if(selectedTenant != null) {
// save validated tenant as preference
let prefcookie = backend.updateAndGetTenantPreferences(request, response.user_name, selectedTenant);
next.state('searchguard_tenant', selectedTenant)
next.state('searchguard_preferences', prefcookie);
}
}
// no tenant in request, check for tenant cookie. We need to check here again
// since for SSO like JWT the login functions are not called. So this means
// no searchguard_tenant and no query param
if(selectedTenant == null) {
let response = await backend.authinfo(request.headers);
selectedTenant = backend.getTenantByPreference(request, response.user_name, response.sg_tenants, preferredTenants, global_enabled, private_enabled);
if(selectedTenant != null) {
// save validated tenant as preference
let prefcookie = backend.updateAndGetTenantPreferences(request, response.user_name, selectedTenant);
......@@ -44,6 +57,7 @@ export default function (pluginRoot, server, APP_ROOT, API_ROOT) {
}
}
if (selectedTenant != null) {
assign(request.headers, {'sg_tenant' : selectedTenant});
}
......
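Review bot: `backend.authinfo(request.headers)` is awaited in the `sg_tenant` query branch and again in the `selectedTenant == null` fallback, so a request whose tenant fails validation makes two backend round-trips, and neither call has visible error handling. Keep the first result in a variable declared outside the two `if` blocks and reuse its `user_name` and `sg_tenants` in the fallback, fetching it only if it has not been fetched yet. If the call can reject, the async `onPostAuth` handler should catch that and fail the request rather than continue without a validated tenant. The handler starts and ends outside these hunks, so an enclosing `try`/`catch` may already exist.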