Hi guys,
I am having issues with integrating OpenSearch with Azure AD using App registrations, through OpenID.
I am using OpenSearch with Helm charts.
The issue I'm getting is that login goes through successfully, but I get into an infinite redirect after it.
I’ve tried several recommendations from links online, from forum and official docs but can’t figure out what is wrong.
My dashboards snippet of config:
```yaml
server.name: opensearch-dashboards
server.host: "0"
opensearch.hosts: ["https://${OPENSEARCH_DNS1}:9200"]
opensearch.ssl.verificationMode: certificate
opensearch.ssl.certificateAuthorities: /usr/share/opensearch-dashboards/config/root-ca.pem
server.ssl.enabled: false
opensearch_security.cookie.secure: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
opensearch.username: ${OPENSEARCH_ADMIN_USERNAME}
opensearch.password: ${OPENSEARCH_ADMIN_PASSWORD}
opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
opensearch_security.auth.type: "openid"
opensearch_security.openid.connect_url: "https://login.microsoftonline.com/MyTenantID/v2.0/.well-known/openid-configuration"
opensearch_security.openid.client_id: "${OPENSEARCH_CLIENT_ID}"
opensearch_security.openid.client_secret: "${OPENSEARCH_CLIENT_SECRET}"
opensearch_security.openid.scope: "openid"
opensearch_security.openid.base_redirect_url: "${OPENSEARCH_OPENID_REDIRECT_URL}"
```
My config.yml snippet:
```yaml
authc:
  basic:
    description: "Basic user/pw"
    http_enabled: true
    transport_enabled: true
    order: 1
    http_authenticator:
      type: basic
      challenge: true
    authentication_backend:
      type: internal
  openid_auth_domain:
    http_enabled: true
    transport_enabled: true
    order: 0
    http_authenticator:
      type: openid
      challenge: false
      config:
        subject_key: preferred_username
        roles_key: roles
        openid_connect_url: https://login.microsoftonline.com/MyTennantID/v2.0/.well-known/openid-configuration
        openid_connect_idp.enable_ssl: true
        openid_connect_idp.verify_hostnames: true
        openid_connect_idp.pemtrustedcas_filepath: "/usr/share/opensearch/config/root-ca.pem"
        jwks_uri: https://login.microsoftonline.com/MyTennantID/discovery/v2.0/keys
        skip_users:
          - kibanaro
          - kibanaserver
          - logstash
          - adminp
          - admin
          - filebeat_internal
          - kibanauser
    authentication_backend:
      type: noop
```
I saw a bunch of links with the same issue but no solution for this.
Only found this bug, and am asking if that is related to my issue: Set-Cookie header is ignored due to size limit after the Kibana upgrade to 1.10.1 · Issue #516 · opensearch-project/security-dashboards-plugin · GitHub
Or if there is a workaround, I would be glad to see it.
Logs don’t show any errors, except the redirect with http 302 constantly being thrown.
Thanks in advance and nice to meet you!
Dusan
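
Two checks relevant to the setup above, as an added example that is not part of the original post: whether any `Set-Cookie` header in a 302 response exceeds a per-cookie size limit (the condition named in the linked issue), and whether an ID token carries the claims named in `subject_key` and `roles_key`. The 4096-byte limit, the cookie name `session_cookie`, and the sample headers and token are assumptions constructed for illustration.

```python
import base64
import json

COOKIE_LIMIT = 4096  # assumed per-cookie limit in bytes (RFC 6265 minimum)

def oversized_cookies(headers, limit=COOKIE_LIMIT):
    """Return {cookie_name: size} for Set-Cookie headers larger than limit."""
    too_big = {}
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        size = len(value.encode("utf-8"))  # name=value plus attributes
        if size > limit:
            too_big[value.split("=", 1)[0].strip()] = size
    return too_big

def jwt_claims(token):
    """Decode a JWT payload without verifying it (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def missing_claims(token, keys):
    """Return the configured claim names that the token does not carry."""
    claims = jwt_claims(token)
    return [k for k in keys if k not in claims]

def _b64(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample data, not taken from the post.
SAMPLE_TOKEN = ".".join([
    _b64({"alg": "RS256"}),
    _b64({"sub": "abc", "preferred_username": "user@example.com"}),
    "sig",
])
SAMPLE_HEADERS = [
    ("Location", "/app/home"),
    ("Set-Cookie", "session_cookie=" + "A" * 5000 + "; HttpOnly; Path=/"),
    ("Set-Cookie", "small=1; Path=/"),
]

if __name__ == "__main__":
    print("oversized cookies:", oversized_cookies(SAMPLE_HEADERS))
    print("missing claims:",
          missing_claims(SAMPLE_TOKEN, ["preferred_username", "roles"]))
```

To use it on a real deployment, replace the sample headers with those from a captured 302 response and the sample token with the ID token returned by the identity provider.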