Currently we preserve original URL only for basic/token authentication providers (#57157), but we don't do this for others (SAML, OpenID Connect, Kerberos, PKI). The main reason is that supporting this for SSO is a bit tricky when Single Logout is used and user is redirected back and forth between Identity Provider (IdP) and Kibana.
There are a number of places where we can lose original URL and hence we need a reliable way to store it somewhere: IdP drops it if we try to store it in the URL like we do for basic/token, we may hit cookie size limit (~4KB, and Kibana URLs are very long usually) if we store it in the cookie, keeping it in the session/local browser storage would make it hard to retrieve it on the server side where we validate redirect URLs etc. The plan is to store it in the session index we'll introduce in #17870. Another prerequisite is #69506.
Note: Logged Out view should be able to deal with next parameter.
Blocked by: #17870, #69506
Currently we preserve original URL only for basic/token authentication providers (#57157), but we don't do this for others (SAML, OpenID Connect, Kerberos, PKI). The main reason is that supporting this for SSO is a bit tricky when Single Logout is used and user is redirected back and forth between Identity Provider (IdP) and Kibana.
There are a number of places where we can lose original URL and hence we need a reliable way to store it somewhere: IdP drops it if we try to store it in the URL like we do for basic/token, we may hit cookie size limit (~4KB, and Kibana URLs are very long usually) if we store it in the cookie, keeping it in the session/local browser storage would make it hard to retrieve it on the server side where we validate redirect URLs etc. The plan is to store it in the session index we'll introduce in #17870. Another prerequisite is #69506.
Note:
Logged Outview should be able to deal withnextparameter.Blocked by:
#17870, #69506