Versions (relevant - OpenSearch/Dashboard/Server OS/Browser): 2.18.0
Describe the issue: We are using OpenSearch 2.18.0 and have allocated roles and rolemappings via OpenSearch Security OpenID configuration (Keycloak). We discovered that the connection between OpenSearch and OIDC, i.e. Keycloak, had been disrupted sometime after success. In the logs, we discovered that OpenSearch is attempting to establish a connection with Keycloak by sending requests that fail owing to a broken pipe and an AuthenticatorUnavailableException.
Configuration:
```yaml
_meta:
  type: "config"
  config_version: 2
config:
  dynamic:
    authc:
      openid_auth_domain:
        description: "Authenticate via Openid Connect"
        http_enabled: true
        transport_enabled: true
        http_authenticator:
          type: openid
          challenge: false
          config:
            subject_key: "sub"
            roles_key: "roles"
            openid_connect_url: "https://.........:8443/auth/realms/master/.well-known/openid-configuration"
            header: "Authorization"
            openid_connect_idp:
              enable_ssl: true
              verify_hostnames: true
              pemtrustedcas_filepath: "xxx/xxxxx/xxxxxxx/ca.crt"
              enable_ssl_client_auth: true
              pemkey_filepath: "/xxx/xxxxx/xxxxxxx/tls.key"
              pemcert_filepath: "/xxx/xxxxx/xxxxxxx/tls.crt"
        order: 1
        authentication_backend:
          type: noop
```
Relevant Logs or Screenshots:
```
"message":"I/O exception (java.net.SocketException) caught when processing request to {s}->https://XXXXXXX:8443 Broken pipe",
"message":"Retrying request to {s}->https://XXXXXXX:8443","metadata":
"message":"com.amazon.dlic.auth.http.jwt.keybyoidc.AuthenticatorUnavailableException: Authentication backend failed"
"message":"KeySetProvider threw error"
"message":"com.amazon.dlic.auth.http.jwt.keybyoidc.AuthenticatorUnavailableException: Error while getting https://XXXXXXX:8443/auth/realms/master/.well-known/openid-configuration: java.net.SocketException: Broken pipe"
```
Could someone please assist me with this issue?
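
One way to triage log lines like the ones quoted above, as an added example that is not part of the original post and not OpenSearch code: it separates socket-level failures while fetching the OpenID discovery document from other authenticator errors. The function names, stage labels and verdict strings are hypothetical, and the patterns assume the message shapes shown in the post.

```python
import re
from collections import Counter

# Constructed sample, modelled on the messages quoted in the post (host redacted there too).
SAMPLE_LOG = [
    '"message":"I/O exception (java.net.SocketException) caught when processing request to {s}->https://XXXXXXX:8443 Broken pipe",',
    '"message":"Retrying request to {s}->https://XXXXXXX:8443"',
    '"message":"com.amazon.dlic.auth.http.jwt.keybyoidc.AuthenticatorUnavailableException: Authentication backend failed"',
    '"message":"KeySetProvider threw error"',
    '"message":"com.amazon.dlic.auth.http.jwt.keybyoidc.AuthenticatorUnavailableException: Error while getting https://XXXXXXX:8443/auth/realms/master/.well-known/openid-configuration: java.net.SocketException: Broken pipe"',
]

MESSAGE = re.compile(r'"message"\s*:\s*"(.*?)"\s*(?:,|$)')
IO_ERROR = re.compile(r"I/O exception \(([\w.$]+)\) caught when processing request to \{\w*\}->(\S+)")
FETCH_ERROR = re.compile(r"AuthenticatorUnavailableException: Error while getting (\S+): ([\w.$]+): ")
NETWORK_CAUSES = ("java.net.", "java.io.", "javax.net.ssl.")


def classify(line):
    """Return (stage, target, cause) for one log line."""
    line = line.replace("\u201c", '"').replace("\u201d", '"')  # tolerate smart quotes
    found = MESSAGE.search(line)
    msg = found.group(1) if found else line
    if m := IO_ERROR.search(msg):  # HTTP client could not complete the request
        return ("transport", m.group(2).rstrip(":"), m.group(1))
    if m := FETCH_ERROR.search(msg):  # authenticator names the URL it failed to fetch
        stage = "discovery" if m.group(1).endswith("/.well-known/openid-configuration") else "key-fetch"
        return (stage, m.group(1), m.group(2))
    if "Retrying request to" in msg:
        return ("retry", msg.rsplit("->", 1)[-1], None)
    if "AuthenticatorUnavailableException" in msg or "KeySetProvider threw error" in msg:
        return ("authenticator-unavailable", None, None)
    return ("other", None, None)


def diagnose(lines):
    """Return (verdict, counts): where the OpenID key lookup failed, and how often."""
    counts = Counter(classify(line) for line in lines)
    network = [k for k in counts if k[0] in ("transport", "discovery", "key-fetch")
               and k[2] and k[2].startswith(NETWORK_CAUSES)]
    if network:  # socket/TLS failure while contacting the IdP, before any token is checked
        return "idp-unreachable", counts
    if any(k[0] == "authenticator-unavailable" for k in counts):
        return "authenticator-unavailable", counts
    return "no-idp-errors", counts


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```
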