Skip to content

[BACKPORT] Limit token expiry to 1 hour maximum (#38244)#38392

Merged
bizybot merged 1 commit intoelastic:6.xfrom
bizybot:backport-token-expiry-limit
Feb 5, 2019
Merged

[BACKPORT] Limit token expiry to 1 hour maximum (#38244)#38392
bizybot merged 1 commit intoelastic:6.xfrom
bizybot:backport-token-expiry-limit

Conversation

@bizybot
Copy link
Copy Markdown
Contributor

@bizybot bizybot commented Feb 5, 2019
edited
Loading

We mention in our documentation for the token
expiration configuration maximum value is 1 hour
but do not enforce it. This commit adds max limit
to the TOKEN_EXPIRATION setting.

Note: Since this is a backport and the min max
time value support was not there in 6.x, I have
selectively picked the change from Setting.
The changes were done for zen2.

@bizybot bizybot added :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) backport labels Feb 5, 2019
@elasticmachine
Copy link
Copy Markdown
Collaborator

elasticmachine commented Feb 5, 2019

Pinging @elastic/es-security

@bizybot
Limit token expiry to 1 hour maximum (elastic#38244)
e6c9b83 
We mention in our documentation for the token
expiration configuration maximum value is 1 hour
but do not enforce it. This commit adds max limit
to the TOKEN_EXPIRATION setting.

Note: Since this is a backport and the min max
time value support was not there in 6.x, I have
selectively picked the change from Setting.
The changes were done for zen2.
@bizybot bizybot force-pushed the backport-token-expiry-limit branch from fc52246 to e6c9b83 Compare February 5, 2019 05:04
@bizybot bizybot requested review from jaymode and jkakavas February 5, 2019 05:04
@bizybot
Copy link
Copy Markdown
Contributor Author

bizybot commented Feb 5, 2019

Hi @jaymode, @jkakavas While backporting this change I found that the minMaxTimeValueParser was not
present in Setting class on 6.x. The change was introduced with zen2 and so I have selectively picked
the change here. Please take a look when you get some time. Thank you.

jkakavas
jkakavas approved these changes Feb 5, 2019
View reviewed changes
Copy link
Copy Markdown
Contributor

@jkakavas jkakavas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM Yogesh, I see no reason for not cherry picking the minMaxTimeValueParser to 6.x

@bizybot bizybot merged commit c5bccb1 into elastic:6.x Feb 5, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jkakavas jkakavas jkakavas approved these changes

@jaymode jaymode Awaiting requested review from jaymode

Assignees

No one assigned

Labels

backport :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bizybot @elasticmachine @jkakavas