Microsoft Entra ID: failed parsing SAML config

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

2.13.0

Describe the issue:

I am unable to get SAML configured. I generally followed the instructions from: Set Up Single Sign-On in OpenSearch Using Azure Active Directory

Configuration:

opensearch-dashboards.yml:

    opensearch_security.multitenancy.enabled: true
    opensearch_security.multitenancy.tenants.preferred: [Private, Global]
    opensearch_security.readonly_mode.roles: [kibana_read_only]
    opensearch_security.cookie.secure: true
    server.host: '0.0.0.0'

    opensearch_security.auth.type: ["basicauth", "saml"]
    opensearch_security.auth.multiple_auth_enabled: true
    server.xsrf.allowlist: ["/_opendistro/_security/saml/acs/idpinitiated", "/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/logout"]

config.yml:

    authc:
      basic_internal_auth_domain:
        description: "Authenticate via HTTP Basic against internal users database"
        http_enabled: true
        transport_enabled: true
        order: 0
        http_authenticator:
          type: basic
          challenge: false
        authentication_backend:
          type: intern
      saml_auth_domain:
        http_enabled: true
        transport_enabled: false
        order: 1
        http_authenticator:
          type: saml
          challenge: true
          config:
            idp:
              metadata_url: https://login.microsoftonline.com/xxx/federationmetadata/2007-06/federationmetadata.xml?appid=xxx
              # SAML's metadata url, provided by your IdP
              entity_id: https://sts.windows.net/xxx/
              # SAML's IdP entity ID, provided by your IdP
            sp:
              entity_id: elasticsearch
            kibana_url: https://logs.digitaltolk.net/
            roles_key: http://schemas.microsoft.com/ws/2008/06/identity/claims/groups
            exchange_key: xxx
        authentication_backend:
          type: noop

Relevant Logs or Screenshots:

Error: failed parsing SAML config
    at SecurityClient.getSamlHeader (/usr/share/opensearch-dashboards/plugins/securityDashboards/server/backend/opensearch_security_client.ts:212:15)
    at processTicksAndRejections (node:internal/process/task_queues:95:5)
    at /usr/share/opensearch-dashboards/plugins/securityDashboards/server/auth/types/saml/routes.ts:78:30
    at Router.handle (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:174:44)
    at handler (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:140:50)
    at exports.Manager.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/toolkit.js:60:28)
    at Object.internals.handler (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:46:20)
    at exports.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:31:20)
    at Request._lifecycle (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:371:32)
    at Request._execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:281:9)

I can run with no issues:

    plugins/opensearch-security/tools/securityadmin.sh -cd config/opensearch-security/ -icl -nhnv -cacert config/root-ca.pem -cert config/admin.pem -key config/admin-key.pem

but changes are not applied - e.g. in dashboard > security I do not see my changes.

Sorted - I did not upload the right file :see_no_evil:

Thanks for coming back and updating the thread - glad you got it working!
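
The thread was resolved by uploading the correct file. As an added example that is not part of the original posts or the OpenSearch project's code, the following Python check reports whether a security config actually contains a complete SAML domain like the one in config.yml above. It assumes the config has already been loaded into a dict under config.dynamic.authc (from the YAML file or the security plugin's config API); `check_saml`, the sample dicts and their placeholder values are constructed for illustration.

```python
def _get(node, dotted):
    """Walk a dotted path through nested dicts; None if a step is missing."""
    for part in dotted.split("."):
        node = node.get(part) if isinstance(node, dict) else None
    return node

# Keys from the page's SAML config that this example treats as mandatory
# (an assumption of this example, not a list taken from the plugin).
REQUIRED = ("idp.entity_id", "sp.entity_id", "kibana_url", "exchange_key")

def check_saml(security_config):
    """Return a list of problems found with the SAML auth domain (empty = OK)."""
    authc = _get(security_config, "config.dynamic.authc") or {}
    saml = {name: dom for name, dom in authc.items()
            if _get(dom, "http_authenticator.type") == "saml"}
    if not saml:
        return ["no authc domain with http_authenticator.type saml (wrong file?)"]
    problems = []
    for name, dom in saml.items():
        cfg = _get(dom, "http_authenticator.config") or {}
        if not dom.get("http_enabled"):
            problems.append(f"{name}: http_enabled is not true")
        if not (_get(cfg, "idp.metadata_url") or _get(cfg, "idp.metadata_file")):
            problems.append(f"{name}: idp.metadata_url / idp.metadata_file missing")
        problems += [f"{name}: {key} missing" for key in REQUIRED if not _get(cfg, key)]
    # Alongside SAML, the basic authenticator must not challenge (as in the
    # config above), so unauthenticated requests fall through to the SAML domain.
    for name, dom in authc.items():
        if (_get(dom, "http_authenticator.type") == "basic"
                and _get(dom, "http_authenticator.challenge")):
            problems.append(f"{name}: basic challenge should be false with SAML")
    return problems

# Constructed samples with placeholder values, shaped like the config above.
BASIC = {"http_enabled": True, "order": 0,
         "http_authenticator": {"type": "basic", "challenge": False}}
SAML = {"http_enabled": True, "order": 1,
        "http_authenticator": {"type": "saml", "challenge": True, "config": {
            "idp": {"metadata_url": "https://idp.example/metadata.xml",
                    "entity_id": "https://idp.example/"},
            "sp": {"entity_id": "example-sp"},
            "kibana_url": "https://dashboards.example/",
            "exchange_key": "placeholder-key"}}}
WRONG_FILE = {"config": {"dynamic": {"authc": {"basic_internal_auth_domain": BASIC}}}}
EXPECTED = {"config": {"dynamic": {"authc": {
    "basic_internal_auth_domain": BASIC, "saml_auth_domain": SAML}}}}

if __name__ == "__main__":
    for label, cfg in (("wrong file", WRONG_FILE), ("expected", EXPECTED)):
        print(label, "->", check_saml(cfg) or "SAML domain looks complete")
```

Running the same check against the config the cluster is actually serving, rather than the local file, is what distinguishes an upload that did not take effect from a mistake in the file itself.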