-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Enterprise Search] Error state UI tweaks to account for current Cloud SSO behavior #73324
Conversation
- so users always have access to App Search
- more info can be found in setup guide
<FormattedMessage | ||
id="xpack.enterpriseSearch.errorConnectingState.troubleshootAuth" | ||
defaultMessage="Check your user authentication:" | ||
/> | ||
<ul> | ||
<li> | ||
<FormattedMessage | ||
id="xpack.enterpriseSearch.errorConnectingState.troubleshootAuthNative" | ||
defaultMessage="Are you using Elasticsearch Native auth?" | ||
/> | ||
</li> | ||
<li> | ||
<FormattedMessage | ||
id="xpack.enterpriseSearch.errorConnectingState.troubleshootAuthSAML" | ||
defaultMessage="If you’re on SSO or SAML, is your SAML realm also set up on Enterprise Search?" | ||
/> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@gchaps / @chriscressman - apologies for the last minute notice, but is there any chance we can get a quick copy check/pass on this new text? (Feel free to view the screenshot if that's easier!)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure thing @constancecchen . Here are some suggested changes. I'm trying to be a bit more explicit about what they must do to fix the issue:
Confirm your user authentication:
- You must authenticate using Elasticsearch Native auth or SSO/SAML
- If using SSO/SAML, you must set up your SAML realm on Enterprise Search
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If using SSO/SAML, you must set up your SAML realm on Enterprise Search
I know this is a bit more passive, but do we want to consider changing this to:
If using SSO/SAML, your SAML realm must be set up on Enterprise Search
The only reason why I ask this is because on Elastic Cloud, SSO is currently not set up for Enterprise Search and there is absolutely nothing the admin/operator can do about it until Cloud itself ships that functionality in 6 weeks.
I know this is a pretty special case though, and do think the active voice is generally better/applies to other SAML setups - just wanted to throw that context out there!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, your version looks good to me. I can see how in that scenario (and possibly others) the person setting up Enterprise Search in Kibana doesn't have control over the SAML setup.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I approve of these changes in the master branch.
d42cb96
to
994eca7
Compare
…d SSO behavior (elastic#73324) * Do not disable the Launch App Search button on the error page - so users always have access to App Search * Add troubleshooting steps that mention user authentication - more info can be found in setup guide * Tweak styling/spacing on troubleshooting steps * Copyedits (thanks Chris!)
…d SSO behavior (#73324) (#73370) * Do not disable the Launch App Search button on the error page - so users always have access to App Search * Add troubleshooting steps that mention user authentication - more info can be found in setup guide * Tweak styling/spacing on troubleshooting steps * Copyedits (thanks Chris!)
…d SSO behavior (#73324) (#73369) * Do not disable the Launch App Search button on the error page - so users always have access to App Search * Add troubleshooting steps that mention user authentication - more info can be found in setup guide * Tweak styling/spacing on troubleshooting steps * Copyedits (thanks Chris!)
* master: (44 commits) [Search] add server logs (elastic#72454) [SIEM][Timelines] Updates timeline template callout text (elastic#73334) Fix App status flaky test (elastic#72853) [Functional Tests] Increase the timeout when locating the tableview] (elastic#73243) Use "Apply_filter_trigger" in dashboard drilldown (elastic#71468) fix dashboard index pattern race condition (elastic#72899) [Functional Tests] Increase waitTime for timelion to fetch the results (elastic#73255) [Functional Tests] Fix flakiness on TSVB chart on switching index patterns test (elastic#73238) updates cypress to v4.11.0 (elastic#73327) [Metrics UI] Saved views bugs (elastic#72518) [Ingest Manager] Convert select agent config step to use combo box (elastic#73172) Exclude `version` from package config attributes that are copied, add safeguard to package config bulk create (elastic#73128) [Security Solution][ML] Updates siem group name to security (elastic#73218) [Security Solution] Show proper icon for termination status of all processes (elastic#73235) [Security Solution][Resolver] Show origin node details in panel on load (elastic#73313) [Security solution] Threat hunting test coverage improvements (elastic#73276) [Security Solution][Exceptions] - Update exception item comments to include id (elastic#73129) [Enterprise Search] Error state UI tweaks to account for current Cloud SSO behavior (elastic#73324) [dev/build/docker_generator] convert to typescript (elastic#73339) [APM] Fix focus map link on service map (elastic#73338) ...
Summary
We unfortunately discovered that Cloud has issues with the App Search in Kibana plugin due to SSO. The user that Cloud auto logs you in as is on an SSO/SAML realm that is not yet set up on Enterprise Search (but will be in six weeks).
To slightly help offset any interim confusion, we've added the following UI tweaks:
An extra "check your user authentication" troubleshooting step, which should hopefully guide most users to realizing the SSO/SAML issue
Making it so the "Launch App Search" button is always enabled, not disabled - this should allow SSO users to open Enterprise Search no matter what
Checklist
Delete any items that are not applicable to this PR.