Has anyone configured cloudflare access SSO for opensearch dashboard?

lapidnw · April 26, 2024, 2:17pm

Hey,

i was wondering if anyone has configured Opensearch Dashboard to use the Cf-Access-Jwt-Assertion-Header (described here ) provided by Cloudflare with every request that goes through there Tunnel together with the JWT Authentication Backend as Authenticationmethod?

Unfortunately i could not find any articles or documentation about this. I found on the JWT-Authentication Page that i need to set the following configuration in the opensearch dashboard, which made me wonder if this is even possible since there seems to be no option for Headers:

opensearch_security.auth.type: "jwt"
opensearch_security.jwt.url_param: <your-param-name-here>

Mantas · April 26, 2024, 3:20pm

Hi @lapidnw,

You can set the header in config.yml i.e:

jwt_auth_domain.http_authenticator.config.jwt_header: "Authorization"

Note: in your opensearch_dashboards you will need to allow it as well.
i.e:
opensearch.requestHeadersWhitelist: [Authorization]

Let me know if you have any further questions.

Best,
mj

Topic		Replies	Views
Configuration of JWT in URL for authentication Security configure	7	1671	June 19, 2023
I want to configure opensearch dashboards behind a reverse proxy, that will do the SSL authentication for me Security	12	2924	August 31, 2023
Opensearch-dashboards SSO login failed with error 401 Unauthorized OpenSearch Dashboards	13	1011	February 23, 2024
Opensearch dashboards getting No 'Basic Authorization' header, send 401 and 'WWW-Authenticate Basic' when trying to login via SSO OpenSearch Dashboards	19	3006	October 31, 2024
Enabled JWT Authentication for Opensearch Security	19	2859	April 6, 2023

Has anyone configured cloudflare access SSO for opensearch dashboard?

Related topics