We have been struggling with a 401 unauthorized error for OpenID integration (Keycloak as IdP) for Kibana with the openDistro security plugin.
The authentication integration works fine the first time. But once we restart Kibana we get the 401 unauthorized error. To make Kibana work we need to delete the .kibana index every time we restart Kibana.
We also observed that the security_authentication cookie is not getting created after the Kibana restart, which could be the cause of the 401 unauthorized error.
Below are the configs we have used:
elasticsearch.requestHeadersWhitelist: ["Authorization", "security_tenant"]
description: "Authenticate via HTTP Basic against internal users database"
Is the configuration you provided complete, or are there parts excluded, like openid.client_secret?
Also, can you confirm which odfe version you are using?
@Anthony Thanks for the reply.
This is the complete configuration, and as the Keycloak client has a public access type, client_secret is not set.
The ODFE version is 184.108.40.206
We tried integrating with an Azure AD trial account and we are seeing the same behavior: after the restart of Kibana we get 401 unauthorized.
In this integration we have included openid.client_secret in the Kibana config.
I managed to reproduce your error, looking into it now.
@Ajay Still looking into this. My local testing seems to indicate that the issue was introduced in 1.13.1, but was working fine in 1.13.0. As a temporary workaround, have you tried 1.13.0?
@Anthony As a workaround we had downgraded the setup version to see if it works for an older version.
Elasticsearch : 7.10.0
Kibana : 7.10.0
Opendistro : 220.127.116.11
But we are facing the same issue of 401 unauthorized after Kibana restart.
We have not tried ODFE 1.13.0; we will check on that.
@Anthony Can you please provide the link for kibana_security_plugin-18.104.22.168? We are getting access denied when trying to download by changing the version number in the plugin install URL.
We are able to install Opendistro_security_plugin for elasticsearch-22.214.171.124.
PS: We have doubts about this working, as it is not working for opendistro 126.96.36.199.
@Ajay elasticsearch plugin: https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-security/opendistro-security-188.8.131.52.zip
However, I have tested using docker-compose, by simply changing the images to:
I can also confirm using this testing environment that 1.12.0 has the issue, but 1.13.0 doesn't.
@Anthony Thanks for the response. Changing the opendistro security to 1.13.0 resolved the issue.
@Ajay Could you submit a bug report for this using the link below to bring awareness to the dev team:
I have the same issue: the first time is fine, but I got the error message after restart:
The OpenSearch version is 2.1.