Versions (relevant - OpenSearch/Dashboard/Server OS/Browser): OpenSearch_3.1
Describe the issue:
Hi,
Our OpenSearch domain is AWS based and fine-grained access control is enabled. Currently basic auth is used by services and users to access OpenSearch. While trying to enable SAML authentication in our OpenSearch domain, I came across these issues.
- OpenSearch Dashboard does not provide a SAML configuration option (since we're using AWS-managed OpenSearch).
- Using the API introduced in this page was blocked, with the error `{"Message":"Your request: '/_plugins/_security/api/securityconfig/config' is not allowed."}` → this also seems to be because we're using AWS-managed OpenSearch.
- The AWS OpenSearch documentation recommends enabling SAML directly in the AWS console, due to the long XML data we need to add (which I got from ITSD).
- We can use Terraform to add this, but the whole XML text should be stored in one of the .tf files.
These are the results of my research. Are all of these points correct? And is there any other option you would suggest?
Thanks in advance.
Configuration: AWS-managed OpenSearch in VPC domain.
Relevant Logs or Screenshots: