I am currently working on setting up SSO with OIDC. However, after searching many hours, I have come to the conclusion that accessing IdPs through proxies is currently not possible. The opensearch-dashboards.yml simply does not have an appropriate configuration option (as far as I can see). This means that I am getting 502 - Bad Gateway errors from opensearch-dashboards when it tries to load the well-known endpoint.
Looking at the Elasticsearch documentation, there seem to be proxy settings in Elastic/OpenSearch for OIDC providers and setting these does not throw any errors for me (even though they are not documented for OpenSearch):
However, the endpoint is also configured in the opensearch-dashboards.yml (opensearch_security.openid.connect_url) but there is apparently no proxy setting available.
Will this feature be added or this there currently a workaround to this?
Are you sure that the traffic to your SSO actually goes through the proxy? If the SSO IdP is reachable without a proxy then this would off course work anyway.
many thanks for sending the configuration files, I will continue the thread here to keep things open. I have looked at your configuration but could not find any entries for a proxy connection (as you said). Can you elaborate on how your proxy is set up?
I can probably set up a transparent proxy on the docker host machine, to force all traffic through my proxy. I would however prefer the possibility to configure the proxy directly for the Kibana/Dashboards application like I am apparently able to do with OpenSearch.
thanks for your reply. No, I have only run this in Docker. The host machine was CentOS 7. Unfortunately I could never get this to work and we are now using the AWS OpenSearch service with SAML authentication.