logout should redirect to the login screen at the server base path

x-pack/plugins/security/server/authentication/providers/basic.test.ts

@@ -85,7 +85,7 @@ describe('BasicAuthenticationProvider', () => {
 
       expect(authenticationResult.redirected()).toBe(true);
       expect(authenticationResult.redirectURL).toBe(
-        '/base-path/login?next=%2Fbase-path%2Fs%2Ffoo%2Fsome-path%20%23%20that%20needs%20to%20be%20encoded'
+        '/mock-server-basepath/login?next=%2Fbase-path%2Fs%2Ffoo%2Fsome-path%20%23%20that%20needs%20to%20be%20encoded'
       );
     });
 
@@ -193,7 +193,7 @@ describe('BasicAuthenticationProvider', () => {
       const request = httpServerMock.createKibanaRequest();
       const deauthenticateResult = await provider.logout(request);
       expect(deauthenticateResult.redirected()).toBe(true);
-      expect(deauthenticateResult.redirectURL).toBe('/base-path/login?msg=LOGGED_OUT');
+      expect(deauthenticateResult.redirectURL).toBe('/mock-server-basepath/login?msg=LOGGED_OUT');
     });
 
     it('passes query string parameters to the login page.', async () => {
@@ -203,7 +203,7 @@ describe('BasicAuthenticationProvider', () => {
       const deauthenticateResult = await provider.logout(request);
       expect(deauthenticateResult.redirected()).toBe(true);
       expect(deauthenticateResult.redirectURL).toBe(
-        '/base-path/login?next=%2Fapp%2Fml&msg=SESSION_EXPIRED'
+        '/mock-server-basepath/login?next=%2Fapp%2Fml&msg=SESSION_EXPIRED'
       );
     });
   });

x-pack/plugins/security/server/authentication/providers/basic.ts

@@ -88,7 +88,7 @@ export class BasicAuthenticationProvider extends BaseAuthenticationProvider {
         `${this.options.basePath.get(request)}${request.url.path}`
       );
       authenticationResult = AuthenticationResult.redirectTo(
-        `${this.options.basePath.get(request)}/login?next=${nextURL}`
+        `${this.options.basePath.serverBasePath}/login?next=${nextURL}`
       );
     }
 
@@ -104,7 +104,7 @@ export class BasicAuthenticationProvider extends BaseAuthenticationProvider {
     // logout reason that login page may need to know.
     const queryString = request.url.search || `?msg=LOGGED_OUT`;
     return DeauthenticationResult.redirectTo(
-      `${this.options.basePath.get(request)}/login${queryString}`
+      `${this.options.basePath.serverBasePath}/login${queryString}`
     );
   }
 

x-pack/plugins/security/server/authentication/providers/saml.test.ts

@@ -350,7 +350,7 @@ describe('SAMLAuthenticationProvider', () => {
         });
 
         expect(authenticationResult.redirected()).toBe(true);
-        expect(authenticationResult.redirectURL).toBe('/base-path/overwritten_session');
+        expect(authenticationResult.redirectURL).toBe('/mock-server-basepath/overwritten_session');
       });
     });
 

x-pack/plugins/security/server/authentication/providers/saml.ts

@@ -390,7 +390,7 @@ export class SAMLAuthenticationProvider extends BaseAuthenticationProvider {
         'Login initiated by Identity Provider is for a different user than currently authenticated.'
       );
       return AuthenticationResult.redirectTo(
-        `${this.options.basePath.get(request)}/overwritten_session`,
+        `${this.options.basePath.serverBasePath}/overwritten_session`,
         { state: newState }
       );
     }

x-pack/plugins/security/server/authentication/providers/token.test.ts

@@ -124,7 +124,7 @@ describe('TokenAuthenticationProvider', () => {
 
       expect(authenticationResult.redirected()).toBe(true);
       expect(authenticationResult.redirectURL).toBe(
-        '/base-path/login?next=%2Fbase-path%2Fs%2Ffoo%2Fsome-path%20%23%20that%20needs%20to%20be%20encoded'
+        '/mock-server-basepath/login?next=%2Fbase-path%2Fs%2Ffoo%2Fsome-path%20%23%20that%20needs%20to%20be%20encoded'
       );
     });
 
@@ -320,7 +320,7 @@ describe('TokenAuthenticationProvider', () => {
       expect(request.headers).not.toHaveProperty('authorization');
       expect(authenticationResult.redirected()).toBe(true);
       expect(authenticationResult.redirectURL).toBe(
-        '/base-path/login?next=%2Fbase-path%2Fsome-path'
+        '/mock-server-basepath/login?next=%2Fbase-path%2Fsome-path'
       );
       expect(authenticationResult.user).toBeUndefined();
       expect(authenticationResult.state).toEqual(null);
@@ -432,7 +432,7 @@ describe('TokenAuthenticationProvider', () => {
       sinon.assert.calledWithExactly(mockOptions.tokens.invalidate, tokenPair);
 
       expect(authenticationResult.redirected()).toBe(true);
-      expect(authenticationResult.redirectURL).toBe('/base-path/login?msg=LOGGED_OUT');
+      expect(authenticationResult.redirectURL).toBe('/mock-server-basepath/login?msg=LOGGED_OUT');
     });
 
     it('redirects to /login with optional search parameters if tokens are invalidated successfully', async () => {
@@ -447,7 +447,7 @@ describe('TokenAuthenticationProvider', () => {
       sinon.assert.calledWithExactly(mockOptions.tokens.invalidate, tokenPair);
 
       expect(authenticationResult.redirected()).toBe(true);
-      expect(authenticationResult.redirectURL).toBe('/base-path/login?yep=nope');
+      expect(authenticationResult.redirectURL).toBe('/mock-server-basepath/login?yep=nope');
     });
   });
 });

x-pack/plugins/security/server/authentication/providers/token.ts

@@ -134,7 +134,7 @@ export class TokenAuthenticationProvider extends BaseAuthenticationProvider {
 
     const queryString = request.url.search || `?msg=LOGGED_OUT`;
     return DeauthenticationResult.redirectTo(
-      `${this.options.basePath.get(request)}/login${queryString}`
+      `${this.options.basePath.serverBasePath}/login${queryString}`
     );
   }
 
@@ -248,6 +248,6 @@ export class TokenAuthenticationProvider extends BaseAuthenticationProvider {
    */
   private getLoginPageURL(request: KibanaRequest) {
     const nextURL = encodeURIComponent(`${this.options.basePath.get(request)}${request.url.path}`);
-    return `${this.options.basePath.get(request)}/login?next=${nextURL}`;
+    return `${this.options.basePath.serverBasePath}/login?next=${nextURL}`;
   }
 }