Getting 400 bad request

taltsafrir · December 8, 2024, 7:20pm

Hi, we are using version 2.7 and saml, and from time to time we are getting 400 invalid request id
this is our config:

_meta:
  type: "config"
  config_version: 2
config:
  dynamic:
    authc:
      basic_internal_auth_domain:
        http_enabled: true
        transport_enabled: true
        order: 0
        http_authenticator:
          type: basic
          challenge: false
        authentication_backend:
          type: internal
      saml_auth_domain:
        http_enabled: true
        transport_enabled: false
        order: 1
        http_authenticator:
          type: saml
          challenge: true
          config:
            idp:
              metadata_url: {{ metadata_url }}
              entity_id: {{ entity_id }}
            sp:
              entity_id: kibana-saml
            kibana_url: {{ kibana_url }}
            roles_key: Role
            exchange_key: {{ exchange_key }}
            jwt:
              expiry: AUTO+10080
        authentication_backend:
          type: noop

please any idea

Eugene7 · December 9, 2024, 11:54am

Hi @taltsafrir ,

Could you please share opensearch_dashboards.yml ?

Also, could you please send a URL where you found the following configuration?

taltsafrir · December 9, 2024, 1:09pm

server.name: "{{ opensearch_dashboards_name }}"

server.host: "0.0.0.0"

data_source.enabled: true

opensearch.hosts:
    - https://{{ node }}:9200
  {% endfor %}


opensearch.requestHeadersAllowlist: [ authorization,securitytenant ]

opensearch.ssl.verificationMode: certificate
#opensearch.ssl.verificationMode: none

server.ssl.enabled: true
server.ssl.certificate: client.pem
server.ssl.key: client-key.pem
opensearch.ssl.certificateAuthorities: root-ca.pem

server.xsrf.allowlist: ["/_opendistro/_security/saml/acs/idpinitiated", "/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/logout"]


opensearch_security.multitenancy.enabled: true

opensearch_security.multitenancy.tenants.preferred: ["Global"]
opensearch_security.cookie.secure: true
opensearch_security.cookie.ttl: 86400000
opensearch_security.session.ttl: 86400000
opensearch_security.session.keepalive: true
opensearch_security.auth.type: 'saml'

about the config, I found it in one of the threads in the forum

Eugene7 · December 9, 2024, 2:27pm

Where did you receive the 400 error message? Do you see any error messages in the OpenSearch or OpenSearch Dashboards logs?

taltsafrir · December 10, 2024, 8:14am

I saw error 400 on opensearch dashboards log but nothing else
we receive those errors on chrome

rahulsen · December 12, 2024, 8:54am

Hi, I am also facing the same issue were you able to resolve it on Chrome? weirdly it works fine for me on Microsoft Edge

taltsafrir · December 12, 2024, 9:59am

no, it’s not resolved
but we are not working with microsoft edge

Eugene7 · January 2, 2025, 4:16pm

Hi @taltsafrir ,

I think you missed opensearch.username and opensearch.password parameters in opensearch_dashboards.yml .

If it’s possible, could you please send an error message?

taltsafrir · January 19, 2025, 10:39am

We actually discovered that some chrome extension caused it

Topic		Replies	Views
Jwt error in opensearch Security	3	617	January 12, 2023
Getting 400 error OpenSearch	4	271	May 8, 2024
SAML authenticating and failing without exception Security troubleshoot , configure	9	913	April 17, 2023
400 bad request from saml Security troubleshoot	4	120	June 24, 2024
SAML configuration problems Security	2	1841	August 23, 2019

Getting 400 bad request

Related topics