Hello Team,
I am trying to configure Azure AD SSO with OpenSearch using OpenID.
I have done the following config in opensearch_dashboard.yml:

```yaml
opensearch_security.auth.type: "openid"
opensearch_security.openid.scope: "openid"
opensearch_security.openid.client_id: ""
opensearch_security.openid.client_secret: ""
opensearch_security.openid.base_redirect_url: "https://kibanadashboardurl"
opensearch_security.openid.connect_url: "https://login.microsoftonline.com//v2.0/.well-known/openid-configuration"
# Opensearch Dashboards
logging.verbose: true
```
In config.yml for ES I have done the following config:

```yaml
authc:
  basic_internal_auth_domain:
    http_enabled: true
    transport_enabled: true
    order: 0
    http_authenticator:
      type: basic
      challenge: false
    authentication_backend:
      type: internal
  openid_auth_domain:
    http_enabled: true
    transport_enabled: true
    order: 1
    http_authenticator:
      type: openid
      challenge: false
      config:
        enable_ssl: true
        #verify_hostnames: false
        subject_key: preferred_username
        roles_key: roles
        openid_connect_url: https://login.microsoftonline.com/<tenantidplaceholder>/v2.0/.well-known/openid-configuration
    authentication_backend:
      type: noop
```
While trying to hit my Kibana server, my browser keeps landing on the same page where it asks for my Azure AD credentials,
and while checking the logs I am getting the following error in the opensearch-dashboard log:

```
"tags":["error","plugins","securityDashboards"],"pid":1,"message":"OpenId authentication failed: Error: Authentication Exception"}
com.amazon.dlic.auth.http.jwt.keybyoidc.BadCredentialsException: Unknown kid oVqnlVMPtLpS9kCKpMtz1O9UXGQ
```

Can you please help to resolve this to make it work?
Thanks for reading this, any help is appreciated.
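
A way to inspect the `Unknown kid` error above, as an added example that is not part of the original post or the OpenSearch code: it compares the `kid` in a token's header with the key ids in a JWKS document and reports the issuer and audience the token was minted for. The function names, key ids, issuer and audience are constructed placeholders, and no signature is verified.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_kid(token: str, jwks: dict) -> dict:
    """Report whether the token's header 'kid' appears in the JWKS key list.

    Diagnostic only: the signature is not checked here.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated parts")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    kid = header.get("kid")
    known = [k.get("kid") for k in jwks.get("keys", [])]
    return {
        "kid": kid,
        "alg": header.get("alg"),
        "known_kids": known,
        "kid_known": kid is not None and kid in known,
        # Issuer and audience show which endpoint and client the token targets.
        "iss": claims.get("iss"),
        "aud": claims.get("aud"),
    }


def make_token(header: dict, claims: dict) -> str:
    """Build an unsigned sample token (constructed test data only)."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2ln"


# Constructed sample data: placeholder key ids, issuer and audience.
SAMPLE_JWKS = {"keys": [{"kty": "RSA", "kid": "key-A"}, {"kty": "RSA", "kid": "key-B"}]}
SAMPLE_CLAIMS = {"iss": "https://idp.example/tenant/v2.0", "aud": "example-client-id"}
GOOD = make_token({"alg": "RS256", "kid": "key-A"}, SAMPLE_CLAIMS)
BAD = make_token({"alg": "RS256", "kid": "key-Z"}, SAMPLE_CLAIMS)

if __name__ == "__main__":
    for name, tok in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, json.dumps(check_kid(tok, SAMPLE_JWKS), indent=2))
```

With a real deployment, the JWKS to compare against is the document at the `jwks_uri` listed in the discovery document that `openid_connect_url` points to.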