@Gurs I’ve got 26.0.4 working with OpenID.
This is the decoded payload of my JWT:
{
"exp": 1746194718,
"iat": 1746194418,
"jti": "325080c5-9a30-412a-9c28-5fe7e6b05aad",
"iss": "https://dockerhub.pablo.local:8443/realms/opensearch",
"aud": "account",
"sub": "b2cfd869-aa2d-48d8-ac6a-ffde94a867c1",
"typ": "Bearer",
"azp": "docker2-openid",
"sid": "4397fe98-59b5-446f-afa2-8b0ace8ed20d",
"allowed-origins": [
"https://docker2.pablo.local:5601"
],
"realm_access": {
"roles": [
"kibanauser2",
"default-roles-opensearch",
"offline_access",
"admin",
"uma_authorization",
"kibanauser"
]
},
"resource_access": {
"account": {
"roles": [
"manage-account",
"view-profile"
]
}
},
"scope": "openid email profile",
"email_verified": false,
"roles": [
"kibanauser2",
"default-roles-opensearch",
"offline_access",
"admin",
"uma_authorization",
"kibanauser"
],
"preferred_username": "admin"
}
And this is my working config.yml:
# OpenSearch security plugin config.yml with two authentication domains:
# HTTP Basic against the internal user database (order 0), then OpenID Connect
# bearer tokens (order 1).
# The paste had lost its indentation; the nesting below is reconstructed from
# the usual layout of this file - verify it against your own copy.
# NOTE(review): these two keys normally sit under a `_meta:` mapping, which the
# paste does not show - confirm against the real file.
type: "config"
config_version: 2
config:
  dynamic:
    http:
      # Requests that carry no credentials get no anonymous identity.
      anonymous_auth_enabled: false
      xff:
        # X-Forwarded-For handling is off; presumably internalProxies is only
        # consulted once this is enabled - confirm.
        enabled: false
        internalProxies: "192\\.168\\.0\\.10|192\\.168\\.0\\.11"
    authc:
      basic_internal_auth_domain:
        description: "Authenticate via HTTP Basic against internal users database"
        http_enabled: true
        transport_enabled: true
        # Checked first (lowest order value).
        order: 0
        http_authenticator:
          type: "basic"
          # No WWW-Authenticate challenge is sent, so a request without Basic
          # credentials falls through to the next domain instead of prompting.
          challenge: false
        authentication_backend:
          type: "intern"
      openid_auth_domain:
        http_enabled: true
        # NOTE(review): "openid" is an HTTP authenticator; this flag may have
        # no effect on this domain - confirm for your plugin version.
        transport_enabled: true
        order: 1
        http_authenticator:
          type: "openid"
          challenge: false
          config:
            # Claim used as the OpenSearch user name ("admin" in the sample
            # token). The name is only as trustworthy as the IdP's rules for
            # setting and changing it.
            subject_key: "preferred_username"
            # Claim read for backend roles; the sample token carries a
            # top-level "roles" array. Whoever can assign realm roles in the
            # IdP decides which role mappings apply, so check what each of
            # these names is mapped to in roles_mapping.yml.
            roles_key: "roles"
            # Discovery document the plugin reads to find the IdP's signing
            # keys.
            # NOTE(review): the sample token's "iss" uses host
            # dockerhub.pablo.local while this URL uses keycloak.pablo.local -
            # confirm both names reach the same realm and that the IdP
            # certificate covers the host used here.
            openid_connect_url: "https://keycloak.pablo.local:8443/realms/opensearch/.well-known/openid-configuration"
            # Trust anchor for the TLS connection to the IdP. The token
            # signing keys are fetched over that connection, so this file
            # decides whose keys are accepted.
            openid_connect_idp.pemtrustedcas_filepath: "/usr/share/opensearch/config/keycloak.crt"
            openid_connect_idp.enable_ssl: true
        # NOTE(review): the flattened paste does not show which level this
        # list belongs to; it is placed at the auth-domain level here -
        # confirm, and confirm that your plugin version honours skip_users
        # for this domain.
        # NOTE(review): "fliebeat_internal" may be a typo for
        # "filebeat_internal"; a misspelt entry would simply never match.
        skip_users:
          - "kibanaro"
          - "kibanaserver"
          - "logstash"
          - "adminp"
          - "fliebeat_internal"
          - "kibanauser"
        authentication_backend:
          # No backend lookup: user name and roles come from the token itself.
          type: "noop"
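In my config I use `roles` as the roles_key, which matches the top-level "roles" claim in the token above (not the nested "realm_access" roles).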
Can you share your JWT token?