OIDC SSO configured through helm not working

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

Describe the issue:
I have configured OIDC using Helm for Dashboards and OpenSearch, and I am getting an unauthorised error while logging in with SSO.

Configuration:
Dashboard config

config: 
  # Default OpenSearch Dashboards configuration from docker image of Dashboards
  opensearch_dashboards.yml: |
    opensearch_security.auth.type: ["openid","basicauth"]
    opensearch.username: "kibanaserver"
    opensearch.password: "kibanaserver"
    opensearch_security.auth.multiple_auth_enabled: true
    # Disable SSL verification when using self-signed demo certificates
    # allowlist basic headers and multi-tenancy header
    opensearch.requestHeadersAllowlist: ["Authorization", "securitytenant"]
    opensearch.ssl.verificationMode: none
    opensearch_security.openid.base_redirect_url: https://test.opensearch.com
    opensearch_security.openid.client_id: secrettt_id
    opensearch_security.openid.client_secret: secrettt
    opensearch_security.openid.scope: "openid email roles"
    opensearch_security.openid.connect_url: myidp/.well-known/openid-configuration
OpenSearch security config

dataComplete: false
data:
  config: |-
    _meta:
      type: "config"
      config_version: 2
    config:
      dynamic:
        http:
          anonymous_auth_enabled: false
        authc:
          basic_internal_auth_domain:
            http_enabled: true
            transport_enabled: true
            order: 0
            http_authenticator:
              type: basic
              challenge: false
            authentication_backend:
              type: internal
          openid_auth_domain:
            http_enabled: true
            transport_enabled: true
            order: 1
            http_authenticator:
              type: openid
              challenge: false
              config:
                subject_key: email
                roles_key: roles
                openid_connect_url: myidp/.well-known/openid-configuration
            authentication_backend:
              type: noop

  # config.yml: |-
  # internal_users.yml: |-
  # roles.yml:


JWT token received from the IdP

{
  "email_verified": true,
  "iat": 1733596079,
  "iss": "testidp",
  "aud": "ad8fbebedd8400c6188eadde1db9a18b",
  "acr": "1",
  "sid": "_da_0fvqNh3AE8sXaQnrDLFx4e09cBAWp_TX13pu7DDhIc1eyUeyFnlTx0MxBkRDdizcCbrfvYLvDP8a4AhardBwT-lPu-fdfdsfdsfdsfs-AzCV4FsooHzWu9s",
  "at_hash": "NDhH77aEmN_JBIs4W580SQ",
  "exp": 1733596389,
  "sub": "29c9058f31c8bd06d6dcd497c7454545454563bb3ac77e9762e49a89f57a85",
  "email": "onk@test.com",
  "roles": "admin"
}

Relevant Logs or Screenshots:

While accessing the application I get

401 Unauthorized

Can someone help me identify the issue?

Hi @ochavan,

Could you share the output of the following:

curl --insecure -u <admin_username>:<admin_password> -XGET https://<OS_node>:9200/_plugins/_security/api/securityconfig?pretty

Best,
mj

Do you have a role mapping from backend role admin → role all_access? Are you getting the 401 when trying to log into dashboards?
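As an added illustration (not code from this thread or from the OpenSearch project), the Python below models the two checks the replies above point at: whether an openid authc domain is actually present in the `securityconfig` API output, and whether the token's `subject_key`/`roles_key` claims resolve to a backend role that `roles_mapping` ties to `all_access`. The response shape (mirroring the config.yml posted above), the comma-splitting of a string-valued `roles` claim, and every sample value are assumptions or constructed data, not the plugin's actual implementation.

```python
"""Model of why an OpenSearch OIDC login can end in 401: config not loaded,
token rejected, or backend roles mapped to nothing. Illustrative only; not the
security plugin's own code."""

# Constructed sample: authc section a working deployment should show in
# GET /_plugins/_security/api/securityconfig (shape assumed from the thread's config.yml).
SECURITYCONFIG_LOADED = {
    "config": {"dynamic": {"authc": {
        "basic_internal_auth_domain": {
            "http_enabled": True, "order": 0,
            "http_authenticator": {"type": "basic", "challenge": False},
            "authentication_backend": {"type": "internal"},
        },
        "openid_auth_domain": {
            "http_enabled": True, "order": 1,
            "http_authenticator": {
                "type": "openid", "challenge": False,
                "config": {"subject_key": "email", "roles_key": "roles",
                           "openid_connect_url": "myidp/.well-known/openid-configuration"},
            },
            "authentication_backend": {"type": "noop"},
        },
    }}}
}

# Constructed sample: what the API shows when the custom config was never applied
# (only the default basic domain is present).
SECURITYCONFIG_NOT_LOADED = {
    "config": {"dynamic": {"authc": {
        "basic_internal_auth_domain":
            SECURITYCONFIG_LOADED["config"]["dynamic"]["authc"]["basic_internal_auth_domain"]
    }}}
}

# Constructed claims mirroring the token in the thread (identifiers shortened).
ID_TOKEN_CLAIMS = {
    "iss": "testidp", "aud": "ad8fbebedd8400c6188eadde1db9a18b",
    "iat": 1733596079, "exp": 1733596389,
    "sub": "29c9058f31c8bd06d6dc", "email": "onk@test.com", "roles": "admin",
}

# Constructed roles_mapping.yml content: backend role "admin" -> security role all_access.
ROLES_MAPPING = {"all_access": {"backend_roles": ["admin"]}}


def openid_domains(securityconfig):
    """Names of HTTP-enabled authc domains whose authenticator type is openid."""
    authc = securityconfig.get("config", {}).get("dynamic", {}).get("authc", {})
    return [name for name, dom in authc.items()
            if dom.get("http_enabled")
            and dom.get("http_authenticator", {}).get("type") == "openid"]


def resolve_identity(claims, authenticator_config, now):
    """Map claims to (subject, backend_roles) via subject_key / roles_key.

    Assumption: a string-valued roles claim is split on commas. Returns None when
    the token is expired or the subject claim is absent (both surface as 401)."""
    if claims.get("exp", 0) <= now:
        return None
    subject = claims.get(authenticator_config.get("subject_key", "sub"))
    if not subject:
        return None
    raw_roles = claims.get(authenticator_config.get("roles_key"), [])
    if isinstance(raw_roles, str):
        raw_roles = [r.strip() for r in raw_roles.split(",") if r.strip()]
    return subject, list(raw_roles)


def mapped_security_roles(backend_roles, roles_mapping):
    """Security roles whose mapping lists at least one of the backend roles."""
    return sorted(role for role, m in roles_mapping.items()
                  if set(m.get("backend_roles", [])) & set(backend_roles))


def diagnose(securityconfig, claims, roles_mapping, now):
    """Return findings explaining the most likely reason for an SSO 401."""
    domains = openid_domains(securityconfig)
    if not domains:
        return ["no openid authc domain loaded: securityconfig still holds the default config"]
    cfg = securityconfig["config"]["dynamic"]["authc"][domains[0]]["http_authenticator"].get("config", {})
    identity = resolve_identity(claims, cfg, now)
    if identity is None:
        return ["token rejected: expired or subject_key claim '%s' missing" % cfg.get("subject_key", "sub")]
    subject, backend_roles = identity
    roles = mapped_security_roles(backend_roles, roles_mapping)
    if not roles:
        return ["user %s authenticated but backend roles %s map to no security role" % (subject, backend_roles)]
    return ["user %s maps to security roles %s" % (subject, roles)]


if __name__ == "__main__":
    now = ID_TOKEN_CLAIMS["iat"] + 60  # constructed clock inside the token's validity window
    print(diagnose(SECURITYCONFIG_NOT_LOADED, ID_TOKEN_CLAIMS, ROLES_MAPPING, now))
    print(diagnose(SECURITYCONFIG_LOADED, ID_TOKEN_CLAIMS, ROLES_MAPPING, now))
    print(diagnose(SECURITYCONFIG_LOADED, ID_TOKEN_CLAIMS, {}, now))
```

Feeding the real `securityconfig` output (after `json.load`) into `openid_domains` is the quickest way to confirm the Helm-supplied config.yml actually reached the cluster before chasing IdP-side causes; the first constructed case reproduces the situation the original poster eventually found.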

@cwperks thanks for the reply, the issue is resolved.
The configuration was not loaded properly, so I was facing that issue.

Hey @Mantas, the issue is resolved; the config was not getting loaded properly.
I deleted the previous PVC and ran helm install again…
and everything works fine…

Thanks
Onkar
