Keycloak with opensearch is not working

Hi @Mantas,

Created a new realm role called roles, and user kannan is mapped to that role. Still getting the same error.

Refer to the access_token below, after decoding:

{
  "exp": 1705467439,
  "iat": 1705467139,
  "jti": "fac630d2-1821-4366-8d60-195a0574d8af",
  "iss": "https://efktest.com/auth/realms/os",
  "aud": [
    "grafana",
    "kubernetes"
  ],
  "sub": "582aa0ee-08a6-4eea-96a5-6f024dbf4b1b",
  "typ": "Bearer",
  "azp": "grafana",
  "session_state": "946fa32d-cb73-42bf-96d3-5a855c4bd5d5",
  "acr": "1",
  "allowed-origins": [
    "*"
  ],
  "resource_access": {
    "grafana": {
      "roles": [
        "roles"
      ]
    },
    "account": {
      "roles": [
        "manage-account",
        "manage-account-links",
        "view-profile"
      ]
    }
  },
  "scope": "openid email profile my-good-service",
  "sid": "946fa32d-cb73-42bf-96d3-5a855c4bd5d5",
  "email_verified": true,
  "roles": [
    "default-roles-nha",
    "offline_access",
    "roles",
    "opensearch-secure",
    "uma_authorization",
    "specialuser",
    "default-roles-nha",
    "offline_access",
    "roles",
    "opensearch-secure",
    "uma_authorization",
    "specialuser"
  ],
  "name": "Kannan V",
  "preferred_username": "kannan",
  "given_name": "Kannan",
  "family_name": "V",
  "email": "kannan@test.com"
}

Hi @kannan,

Could you please run the below and share the output:

curl --insecure -u admin:admin -XGET "https://<OS_node>:9200/_plugins/_security/api/rolesmapping/all_access?pretty"

thanks,
mj

Hi @Mantas,
Refer to the output of the above command:
image

Hi @kannan,

One more thing I've just noticed: you'll need to switch "Add to ID token" to ON:

Can you test that and let me know?

Thanks,
mj

Hi @Mantas,

Still getting the same error.

Hi @kannan,

Have you found a solution yet?
If not, could you share your latest:

  • error
  • jwt token
  • config.yml

Thanks,
Mantas