Configuring OpenDistro Security Plugin for OpenID Connect using Azure AD App Registration

Hi All,

While configuring the OpenDistro Security plugin for OIDC using Azure AD app registration, I am aware of what the URL for Kibana to register will be and how to use it.

Kibana URL - https://localhost:5601/auth/openid/login

I don't see examples for Elasticsearch API URL registration. Will the URL be similar to this -

https://localhost:9200/ ???

and how do I get a token to use it? Any guidance will be highly appreciated. Thanks

Hi @arunkumarsingh

Why do you want to configure ES in Azure? If you want to use Kibana, there is no need to configure ES.

Hi @pablo, thanks for the response.
Sorry, I may have confused you. Let me rephrase it: we are using Microsoft Identity Solution (Azure AD). The security team is advising not to use basic auth for Elasticsearch APIs. So I wanted to go for another modern auth (e.g. OAuth/SAML/OpenID), keeping Kibana's OpenID auth intact. Please advise. Thanks

@arunkumarsingh, basicauth is required for Kibana. It has to be enabled and configured in config.yml along with OAuth/SAML/OpenID authentication.

Thanks @pablo for the information. In the case of Kibana, I am aware that it is a requirement. I was wondering how this config will work: Kibana [openid] / Elasticsearch [basic + OAuth/SAML].
Any pointers to the config file arrangement will help. Thanks

@arunkumarsingh you can’t run separate authentication for Kibana and ES.
If you go with OID then both have to be set for OID.
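
For reference, a sketch of the `config.yml` arrangement discussed in this thread, added here as an example and not posted by any participant: one `authc` chain with a basic auth domain and an OpenID domain, which applies to requests arriving from Kibana and to direct Elasticsearch API calls alike. `<TENANT_ID>` is a placeholder, and the `subject_key` and `roles_key` claim names are assumptions that depend on how the Azure AD app registration issues tokens.

```yaml
# Security plugin config.yml (authc section only), constructed example.
config:
  dynamic:
    authc:
      # Basic auth against the internal user database.
      # challenge: false means the plugin does not answer unauthenticated
      # requests with a Basic challenge, so requests without Basic
      # credentials fall through to the next domain.
      basic_internal_auth_domain:
        http_enabled: true
        transport_enabled: true
        order: 0
        http_authenticator:
          type: basic
          challenge: false
        authentication_backend:
          type: internal

      # OpenID Connect: validates a JWT presented as
      # "Authorization: Bearer <token>" against the IdP signing keys
      # published via the metadata document below.
      openid_auth_domain:
        http_enabled: true
        transport_enabled: true
        order: 1
        http_authenticator:
          type: openid
          challenge: false
          config:
            # Assumed claim names; match them to the claims actually
            # present in the tokens issued for this app registration.
            subject_key: preferred_username
            roles_key: roles
            # Azure AD v2.0 OIDC metadata endpoint; <TENANT_ID> is a placeholder.
            openid_connect_url: https://login.microsoftonline.com/<TENANT_ID>/v2.0/.well-known/openid-configuration
        authentication_backend:
          # The token is self-contained, so no user lookup backend is needed.
          type: noop
```

The same domains are evaluated in `order` for every HTTP request, so restricting who can still use basic auth is done through the internal user database rather than through a separate per-client configuration.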