diff --git a/x-pack/plugins/security/server/lib/authentication/providers/basic.js b/x-pack/plugins/security/server/lib/authentication/providers/basic.js index 68af8829679cf..ee6fe4ce03079 100644 --- a/x-pack/plugins/security/server/lib/authentication/providers/basic.js +++ b/x-pack/plugins/security/server/lib/authentication/providers/basic.js @@ -73,7 +73,7 @@ export class BasicAuthenticationProvider { // Query string may contain the path where logout has been called or // logout reason that login page may need to know. return DeauthenticationResult.redirectTo( - `${this._options.basePath}/login${request.url.search}` + `${this._options.basePath}/login${request.url.search || ''}` ); } diff --git a/x-pack/plugins/security/server/lib/authentication/providers/saml.js b/x-pack/plugins/security/server/lib/authentication/providers/saml.js index dbe6091d987dd..bb69e43ffee86 100644 --- a/x-pack/plugins/security/server/lib/authentication/providers/saml.js +++ b/x-pack/plugins/security/server/lib/authentication/providers/saml.js @@ -385,7 +385,7 @@ export class SAMLAuthenticationProvider { logoutArgs = [ 'shield.samlInvalidate', // Elasticsearch expects `queryString` without leading `?`, so we should strip it with `slice`. - { body: { queryString: request.url.search.slice(1), acs: this._getACS() } } + { body: { queryString: request.url.search ? request.url.search.slice(1) : '', acs: this._getACS() } } ]; } else { this._options.log(['debug', 'security', 'saml'], 'Logout has been initiated by the user.');