Integrating OpenID Connect with OpenSearch throws a 401 Unauthorized error, using Azure AD as our IdP

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

OpenSearch version: 2.3.0
OpenSearch Dashboards: 2.3.0
Browser : Chrome

Describe the issue:
After configuring OpenID with OpenSearch, it throws an error after entering the credentials (using Azure Microsoft sign-in, with Azure AD as the IdP).

At first, after configuration, I was able to log in successfully, but the permissions were not retained (I had a completely new dashboard in place). But after restarting the dashboard it throws a 401 error, and from then on I am not able to get to the dashboard.

Configuration:

config.yml

    authc:
      basic_internal_auth_domain:
        description: "Authenticate via HTTP Basic against internal users database"
        http_enabled: true
        transport_enabled: true
        order: 1
        http_authenticator:
          type: basic
          challenge: false
        authentication_backend:
          type: internal

      openid_auth_domain:
        order: 0
        http_enabled: true
        transport_enabled: true
        http_authenticator:
          type: openid
          challenge: false
          config:
            roles_key: roles
            subject_key: email
            openid_connect_url: https://login.microsoftonline.com/<tenantid>/v2.0/.well-known/openid-configuration
        authentication_backend:
          type: noop

opensearch_dashboard.yml

opensearch_security.auth.type: openid
opensearch_security.openid.client_id: "id"
opensearch_security.openid.client_secret: secret_id
opensearch_security.openid.scope: "openid email profile offline_access User.Read"

opensearch_security.openid.base_redirect_url: https:/
opensearch_security.openid.connect_url: https://login.microsoftonline.com//v2.0/.well-known/openid-configuration

Note: after each change in any config file, I ran the securityadmin.sh script.

Relevant Logs or Screenshots:

Could anyone please help me with this? I have been stuck on this for days now.

Can anyone help me with this, please?
I am open to providing any necessary information required for troubleshooting.

@raj1209 Have you found a solution to your issue?
If not, could you share how you configured the roles in Azure?
Did you map these roles as backend roles in the OpenSearch security plugin?

Hi,
No, I could not find a solution to it.
I have not configured any roles on the Azure side, since we intend to use SSO only for Authentication and not for Authorization.

@raj1209 In that case did you map the authenticated user to the role in OpenSearch security?

The user role is admin with all admin rights.

role_mapping

all_access:
  reserved: false
  backend_roles:
    - "admin"
  description: "Maps admin to all_access"
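As an added example (not from this thread or from the OpenSearch project), a small Python check that mirrors the two questions asked above: does the ID token actually carry the claims named by `subject_key` and `roles_key`, and does any resulting backend role match an entry in the role mapping? The settings are the poster's; the token is constructed for offline use and its signature is deliberately not verified.

```python
import base64
import json

# Values copied from the poster's config.yml (openid_auth_domain http_authenticator config)
OPENID_CONFIG = {"subject_key": "email", "roles_key": "roles"}
# Values copied from the poster's role mapping; "users" is the plugin's other match key
ROLES_MAPPING = {"all_access": {"backend_roles": ["admin"], "users": []}}


def decode_unverified_payload(id_token: str) -> dict:
    """Return the JWT payload as a dict. The signature is NOT verified: this is a
    claim/mapping check for a token obtained from your own IdP, not a validator."""
    payload = id_token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def resolve_user(claims: dict, openid_cfg=OPENID_CONFIG, roles_mapping=ROLES_MAPPING) -> dict:
    """Apply the plugin's logic to the claims: subject from subject_key, backend roles
    from roles_key (a list or a comma-separated string), then a role-mapping lookup."""
    subject = claims.get(openid_cfg["subject_key"])
    raw = claims.get(openid_cfg["roles_key"], [])
    backend_roles = [r.strip() for r in raw.split(",") if r.strip()] if isinstance(raw, str) else list(raw)
    mapped = sorted(
        role for role, m in roles_mapping.items()
        if subject in m.get("users", []) or set(backend_roles) & set(m.get("backend_roles", []))
    )
    problems = []
    if subject is None:
        problems.append(f"claim '{openid_cfg['subject_key']}' is missing: no user identity")
    if not backend_roles:
        problems.append(f"claim '{openid_cfg['roles_key']}' is missing or empty: no backend roles")
    if not mapped:
        problems.append("no entry in roles_mapping matches: the user gets no permissions")
    return {"subject": subject, "backend_roles": backend_roles,
            "opensearch_roles": mapped, "problems": problems}


def make_token(payload: dict) -> str:
    """Build a constructed, unsigned JWT for offline testing only (alg 'none')."""
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}."


if __name__ == "__main__":
    # Constructed payload with neither claim the config expects: mirrors the 401 symptom
    tok = make_token({"preferred_username": "alice@example.com", "name": "Alice"})
    print(json.dumps(resolve_user(decode_unverified_payload(tok)), indent=2))
```

Run it against the payload of a real ID token from your tenant (paste the token into `decode_unverified_payload`) and the `problems` list tells you whether the failure is a missing claim or a mapping gap.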