Nodejs Regression #44062
Description
Kibana version:
7.3.0
Elasticsearch version:
7.3.0
Server OS version:
Windows Server 2012 R2
Browser version:
Chrome 76.0.3809.100
Browser OS version:
Windows 10
Original install method (e.g. download page, yum, from source, etc.):
Download page
Description of the problem including expected versus actual behavior:
Kibana is running behind an Apache reverse proxy that is doing NTLM authentication, and X-Pack Security handling authorization (using 'Run As privileges' feature); most of the time this works without issues and authentication is invisible to the user, but occasionally the browser pops up a login window requesting credentials and even when valid credentials are provided Kibana still redirects the user to the homepage as if its a new login, cancelling whatever the user was doing.
After some digging, I noticed that when this issue happens, Kibana (or Nodejs to be specific) sends a TCP RST to Apache invalidating the active session, this behavior led me to this issue:
nodejs/node#24980
I added server.listener.headersTimeout = 121e3; to http_tools.ts and this seems to have solved the issue as the login popups are gone.
Steps to reproduce:
- Setup an Apache reverse proxy doing NTLM authentication.
- Setup User impersonation in Kibana as described here
- Login to Kibana.
- Wait 120 seconds.
- Try to access anything in Kibana
Expected behavior:
Authentication should be invisible to the users.
Actual behavior:
A login prompt pops up requesting credentials.