Mapping new user to kibana_server

Just to make this even more clear: it took me a while, and various forum threads including this one and also this one, to figure out what’s going on.

This is only needed if you want to change the OpenSearch Dashboards username from kibanaserver to something else.

Assuming you’ve set up authentication (method doesn’t matter, can be basic auth or client cert) correctly, and the user itself works, there are two things that need to be done:

  1. Assign proper permissions
  2. Change the Dashboards Username in OpenSearch (!) settings

For 1, it is usually sufficient to use the built-in kibana_server role. In my case, a role_mapping such as the following is sufficient:

kibana_server:
      reserved: true
      users:
        - 'CN=xyz,OU=xxx,O=xxx'

The second one, and that’s probably what most people forget, and what @Anthony mentioned above - you need to change the single username that is used for Kibana / OpenSearch Dashboards in opensearch-security config.yml:

config:
  dynamic:
    kibana:
      server_username: 'CN=xyz,OU=xxx,O=xxx'
    authc:
      # ... your settings
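Added example, not part of the original post: a small check that the two steps above agree, i.e. that the `server_username` in config.yml is one of the users mapped to `kibana_server`. It assumes both YAML files are already loaded into dicts and that the names must match exactly; the function names and the sample data (built from the post's placeholder DN) are constructed for illustration.

```python
DEFAULT_USERNAME = "kibanaserver"  # default Dashboards user named in the post


def normalize_dn(name):
    """Lower-case and trim spaces around ',' and '='. Used only to spot near-misses."""
    parts = [p.strip() for p in name.split(",")]
    return ",".join("=".join(s.strip() for s in p.split("=", 1)) for p in parts).lower()


def check_dashboards_user(roles_mapping, security_config, role="kibana_server"):
    """Return a list of findings; an empty list means step 1 and step 2 agree."""
    kibana = security_config.get("config", {}).get("dynamic", {}).get("kibana") or {}
    # A missing key means step 2 was skipped and the default name is in effect.
    server_username = kibana.get("server_username", DEFAULT_USERNAME)
    mapped = (roles_mapping.get(role) or {}).get("users") or []

    if server_username in mapped:
        return []
    near = [u for u in mapped if normalize_dn(u) == normalize_dn(server_username)]
    if near:
        return [f"server_username {server_username!r} differs only in "
                f"case/spacing from mapped user {near[0]!r}"]
    return [f"server_username {server_username!r} is not mapped to role {role!r}"]


# Constructed sample data mirroring the two YAML snippets in the post.
DN = "CN=xyz,OU=xxx,O=xxx"
ROLES_MAPPING = {"kibana_server": {"reserved": True, "users": [DN]}}
CONFIG_OK = {"config": {"dynamic": {"kibana": {"server_username": DN}}}}
CONFIG_STEP2_MISSING = {"config": {"dynamic": {"kibana": {}}}}
CONFIG_SPACED = {"config": {"dynamic": {"kibana": {
    "server_username": "CN=xyz, OU=xxx, O=xxx"}}}}

if __name__ == "__main__":
    for label, cfg in [("ok", CONFIG_OK), ("step 2 missing", CONFIG_STEP2_MISSING),
                       ("spacing differs", CONFIG_SPACED)]:
        print(label, "->", check_dashboards_user(ROLES_MAPPING, cfg) or "consistent")
```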