[8.19] Improve cache invalidation in IdP SP cache (#128890) #129022

Merged: elasticsearchmachine merged 2 commits into elastic:8.19 from tvernum:backport/8.19/pr-128890 on Jun 6, 2025

@tvernum tvernum commented Jun 6, 2025

Backports the following commits to 8.19:

The Identity Provider's Service Provider cache had two issues:

1. It checked for identity based on sequence numbers, but didn't
   include the `seq_no_primary_term` parameter on searches, which
   means the sequence would always be `-2`
2. It didn't track whether the index was deleted, which means it
   could be caching values from an old version of the index

This commit fixes both of these issues.

In practice neither issue was a problem because there are no
deployments that use index-based service providers, however the 2nd
issue did cause some challenges for testing.
@tvernum tvernum added the labels `:Security/IdentityProvider` (Identity Provider (SSO) project in X-Pack), `>bug`, `auto-merge-without-approval` (Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!)), `backport` and `Team:Security` (Meta label for security team labels) on Jun 6, 2025
@elasticsearchmachine elasticsearchmachine merged commit bc7960d into elastic:8.19 Jun 6, 2025
20 checks passed
@tvernum tvernum deleted the backport/8.19/pr-128890 branch June 6, 2025 06:30
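
A simplified Python model of the two cache issues described in the PR comment above, added here as an illustration; it is not Elasticsearch code. `FakeIndex`, `SpCache`, `scenario`, the `generation` counter and the `acs` URLs are all constructed for the example.

```python
UNASSIGNED_SEQ_NO = -2  # reported by a hit when seq_no_primary_term was not requested

class FakeIndex:
    """Constructed in-memory stand-in for the service-provider index."""
    def __init__(self):
        self.docs, self.next_seq, self.generation = {}, 0, 0

    def put(self, doc_id, source):
        self.docs[doc_id] = (self.next_seq, 1, source)  # (seq_no, primary_term, source)
        self.next_seq += 1

    def delete_index(self):
        self.docs, self.next_seq = {}, 0  # a recreated index numbers from 0 again
        self.generation += 1              # hypothetical "index was deleted" signal

    def search(self, doc_id, seq_no_primary_term):
        seq_no, term, source = self.docs[doc_id]
        if not seq_no_primary_term:       # versions are only returned on request
            seq_no, term = UNASSIGNED_SEQ_NO, 0
        return {"_seq_no": seq_no, "_primary_term": term, "_source": source}

class SpCache:
    def __init__(self, index, request_seq_no, track_deletion):
        self.index, self.request_seq_no = index, request_seq_no
        self.track_deletion, self.seen_generation = track_deletion, index.generation
        self.entries = {}  # doc_id -> ((seq_no, primary_term), value)

    def resolve(self, doc_id):
        if self.track_deletion and self.index.generation != self.seen_generation:
            self.entries.clear()  # index was deleted: drop everything cached
            self.seen_generation = self.index.generation
        hit = self.index.search(doc_id, self.request_seq_no)
        version = (hit["_seq_no"], hit["_primary_term"])
        cached = self.entries.get(doc_id)
        if cached and cached[0] == version:
            return cached[1]  # versions match, so the cached object is reused
        self.entries[doc_id] = (version, dict(hit["_source"]))
        return self.entries[doc_id][1]

def scenario(request_seq_no, track_deletion, recreate_index):
    """Warm the cache, change the document, and return what the cache serves."""
    index = FakeIndex()
    index.put("sp1", {"acs": "https://old.example/acs"})
    cache = SpCache(index, request_seq_no, track_deletion)
    cache.resolve("sp1")
    if recreate_index:
        index.delete_index()
    index.put("sp1", {"acs": "https://new.example/acs"})
    return cache.resolve("sp1")["acs"]

if __name__ == "__main__":
    for args in [(False, False, False), (True, False, False), (True, False, True), (True, True, True)]:
        print(args, "->", scenario(*args))
```

The first and third cases serve the old value: in the first every hit compares as `(-2, 0)`, and in the third the recreated index reuses sequence number 0, so the version check alone cannot tell the documents apart.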

Labels: `auto-merge-without-approval` (Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!)), `backport`, `>bug`, `:Security/IdentityProvider` (Identity Provider (SSO) project in X-Pack), `Team:Security` (Meta label for security team), `v8.19.0`