@pablo Our two test opensearch server are new deploy last week. so the certificate are generate by opensearch during installation. these self signed certificate will not expired recently.
my test opensearch-dashboard use public certificate, which will expired next year. I think it’s not certificate issue.
it seems there few logs during login, how to enable debug log level for login? So we can find more information in the logs.
thanks.
@pablo it seems my issue as same as this, OIDC looping issue - too many redriects:
https://github.com/opensearch-project/security-dashboards-plugin/commit/015dc3f0be7e835f7ea3763bd56e9c81845db344
I check the js file /usr/share/opensearch-dashboards/plugins/securityDashboards/server/auth/types/openid/routes.js
my verision is 2.1, sames not as the source code. could you check it?
thanks.
@pablo OIDC looping issue - too many redriects, this issue has been solved after upgrade to version 2.1.
but this issue still not solved. first time ok, after reboot opensearch, will get the error 401 and Unauthorized error.
Have you meet this error before?
thanks.
@pablo I add some debug log in the js. it always goto unauthorized way.
log [15:12:47.791] [debug][metrics] Refreshing metrics
log [15:12:48.726] [debug][plugins][securityDashboards] openId auth requestIncludesAuthInfo: undefined
log [15:12:48.727] [debug][server][OpenSearchDashboards][cookie-session-storage][http] Error: Unauthorized
log [15:12:48.728] [debug][plugins][securityDashboards] Auth header cookie: null
log [15:12:48.728] [debug][plugins][securityDashboards] UnauthedRequest send to auth workflow /
log [15:12:48.728] [debug][plugins][securityDashboards] request.url.pathname is:
log [15:12:48.728] [debug][plugins][securityDashboards] /
log [15:12:48.729] [debug][plugins][securityDashboards] this.isPageRequest is:
log [15:12:48.729] [debug][plugins][securityDashboards] true
respons [15:12:48.722] GET / 302 13ms - 9.0B
ops [15:12:48.736] memory: 83.9MB uptime: 0:00:39 load: [0.10 0.12 0.09] delay: 0.188
log [15:12:48.779] [debug][plugins][securityDashboards] openId auth requestIncludesAuthInfo: undefined
log [15:12:48.779] [debug][server][OpenSearchDashboards][cookie-session-storage][http] Error: Unauthorized
log [15:12:48.779] [debug][plugins][securityDashboards] Auth header cookie: null
log [15:12:48.780] [debug][plugins][securityDashboards] UnauthedRequest send to auth workflow /auth/openid/login
log [15:12:48.780] [debug][plugins][securityDashboards] request.url.pathname is:
log [15:12:48.780] [debug][plugins][securityDashboards] /auth/openid/login
log [15:12:48.780] [debug][plugins][securityDashboards] this.isPageRequest is:
log [15:12:48.780] [debug][plugins][securityDashboards] false
log [15:12:48.780] [debug][plugins][securityDashboards] UnauthedRequest
respons [15:12:48.777] GET /auth/openid/login 401 5ms - 9.0B
log [15:12:48.860] [debug][plugins][securityDashboards] openId auth requestIncludesAuthInfo: undefined
log [15:12:48.861] [debug][server][OpenSearchDashboards][cookie-session-storage][http] Error: Unauthorized
log [15:12:48.861] [debug][plugins][securityDashboards] Auth header cookie: null
log [15:12:48.861] [debug][plugins][securityDashboards] UnauthedRequest send to auth workflow /favicon.ico
log [15:12:48.862] [debug][plugins][securityDashboards] request.url.pathname is:
log [15:12:48.862] [debug][plugins][securityDashboards] /favicon.ico
log [15:12:48.862] [debug][plugins][securityDashboards] this.isPageRequest is:
log [15:12:48.862] [debug][plugins][securityDashboards] false
log [15:12:48.862] [debug][plugins][securityDashboards] UnauthedRequest
respons [15:12:48.859] GET /favicon.ico 401 4ms - 9.0B
it seems the router not go to : authorizationEndpoint.
public setupRoutes() {
this.router.get(
{
path: `/auth/openid/login`,
validate: {
query: schema.object(
{
code: schema.maybe(schema.string()),
nextUrl: schema.maybe(
schema.string({
validate: validateNextUrl,
})
),
state: schema.maybe(schema.string()),
refresh: schema.maybe(schema.string()),
},
{
unknowns: 'allow',
}
),
},
options: {
authRequired: false,
},
},
async (context, request, response) => {
// implementation refers to https://github.com/hapijs/bell/blob/master/lib/oauth.js
// Sign-in initialization
if (!request.query.code) {
const nonce = randomString(OpenIdAuthRoutes.NONCE_LENGTH);
const query: any = {
client_id: this.config.openid?.client_id,
response_type: 'code',
redirect_uri: `${getBaseRedirectUrl(
this.config,
this.core,
request
)}/auth/openid/login`,
state: nonce,
scope: this.openIdAuthConfig.scope,
};
const queryString = stringify(query);
const location = `${this.openIdAuthConfig.authorizationEndpoint}?${queryString}`;
const cookie: SecuritySessionCookie = {
oidc: {
state: nonce,
nextUrl: request.query.nextUrl || '/',
},
};
this.sessionStorageFactory.asScoped(request).set(cookie);
return response.redirected({
headers: {
location,
},
});
}
// Authentication callback
// validate state first
let cookie;
try {
cookie = await this.sessionStorageFactory.asScoped(request).get();
if (
!cookie ||
!cookie.oidc?.state ||
cookie.oidc.state !== (request.query as any).state
) {
return this.redirectToLogin(request, response);
}
} catch (error) {
return this.redirectToLogin(request, response);
}
const nextUrl: string = cookie.oidc.nextUrl;
const clientId = this.config.openid?.client_id;
const clientSecret = this.config.openid?.client_secret;
const query: any = {
grant_type: 'authorization_code',
code: request.query.code,
redirect_uri: `${getBaseRedirectUrl(this.config, this.core, request)}/auth/openid/login`,
client_id: clientId,
client_secret: clientSecret,
};
try {
const tokenResponse = await callTokenEndpoint(
this.openIdAuthConfig.tokenEndpoint!,
query,
this.wreckClient
);
const user = await this.securityClient.authenticateWithHeader(
request,
this.openIdAuthConfig.authHeaderName as string,
`Bearer ${tokenResponse.idToken}`
);
// set to cookie
const sessionStorage: SecuritySessionCookie = {
username: user.username,
credentials: {
authHeaderValue: `Bearer ${tokenResponse.idToken}`,
expires_at: Date.now() + tokenResponse.expiresIn! * 1000, // expiresIn is in second
},
authType: 'openid',
expiryTime: Date.now() + this.config.session.ttl,
};
if (this.config.openid?.refresh_tokens && tokenResponse.refreshToken) {
Object.assign(sessionStorage.credentials, {
refresh_token: tokenResponse.refreshToken,
});
}
this.sessionStorageFactory.asScoped(request).set(sessionStorage);
return response.redirected({
headers: {
location: nextUrl,
},
});
} catch (error) {
context.security_plugin.logger.error(`OpenId authentication failed: ${error}`);
if (error.toString().toLowerCase().includes('authentication exception')) {
return response.unauthorized();
} else {
return this.redirectToLogin(request, response);
}
}
}
);
@gehf This fix only changes the behaviour of the error handling and it doesn’t fix the root cause.
How do you deploy your cluster (service or docker)? I’ve seen localhost in your configuration. Do you use Ubuntu Desktop?
@pablo Yes, this is my customer’s test environment, he use Ubuntu Desktop, it confige as localhost. Do you know what’s the root cause of fail after many redirect?
my environment is on Centos 8, with public address. it always get 401 and Unauthorized error by oidc. but first time is ok, restart the opensearch-dashboards, then get this error. I don’t know what’s the root cause of this.
thanks.
@pablo yes, I try on different windows with incognito mode by chrome, same error message as 401 and Unauthorized. My customer also sometimes got this error after restart the opensearch-dashboards service. thanks.
@gehf I don’t see the answer on the type of deployment.
Did you or your customer deploy OpenSearch as a container or a Linux service?
@pablo my customer’s environment some time ok, sometimes also get 401 and unauthorized error.
so I compare the dashboards log, when get 401 error, I find there are no registering route handler for these:
“registering route handler for [/auth/openid/login]”}
“registering route handler for [/auth/logout]”}
and when work fine, there are registering route handler successful.
I find this :
https://github.com/opensearch-project/security-dashboards-plugin/issues/744
thanks.
@pablo this is the openid init function, I add debug log to print authorizationEndpoint and other information:
async init() {
try {
const response = await this.wreckClient.get(this.openIdConnectUrl);
const payload = JSON.parse(response.payload);
this.logger.debug(`authorizationEndpoint: ${payload.authorization_endpoint},tokenEndpoint: ${payload.token_endpoint},endSessionEndpoint: ${payload.end_session_endpoint}`);
this.openIdAuthConfig.authorizationEndpoint = payload.authorization_endpoint;
this.openIdAuthConfig.tokenEndpoint = payload.token_endpoint;
this.openIdAuthConfig.endSessionEndpoint = payload.end_session_endpoint || undefined;
const routes = new _routes.OpenIdAuthRoutes(this.router, this.config, this.sessionStorageFactory, this.openIdAuthConfig, this.securityClient, this.coreSetup, this.wreckClient);
routes.setupRoutes();
} catch (error) {
this.logger.error(error); // TODO: log more info
throw new Error('Failed when trying to obtain the endpoints from your IdP');
}
}
this is the registering route handler logs, there are no /auth/openid/login registed log line.
also the debug log for authorizationEndpoint information is print after opensearch-dashboard start.
log [03:29:39.637] [debug][server][OpenSearchDashboards][http] registering route handler for [/internal/index-pattern-management/preview_scripted_field]
log [03:29:39.638] [debug][server][OpenSearchDashboards][http] registering route handler for [/internal/index-pattern-management/resolve_index/{query}]
log [03:29:39.639] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/v1/configuration/{resourceName}]
log [03:29:39.639] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/v1/configuration/{resourceName}/{id}]
log [03:29:39.640] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/v1/configuration/{resourceName}/{id}]
log [03:29:39.641] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/v1/configuration/{resourceName}]
log [03:29:39.641] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/v1/configuration/{resourceName}/{id}]
log [03:29:39.642] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/v1/auth/authinfo]
log [03:29:39.643] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/v1/configuration/audit]
log [03:29:39.643] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/v1/configuration/audit/config]
log [03:29:39.644] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/v1/configuration/cache]
log [03:29:39.645] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/v1/restapiinfo]
log [03:29:39.647] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/v1/configuration/validatedls/{indexName}]
log [03:29:39.648] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/v1/configuration/index_mappings]
log [03:29:39.648] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/v1/configuration/indices]
log [03:29:39.649] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/authtype]
log [03:29:39.650] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/v1/multitenancy/tenant]
log [03:29:39.651] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/v1/multitenancy/tenant]
log [03:29:39.651] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/v1/multitenancy/info]
log [03:29:39.652] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/v1/multitenancy/migrate/{tenantindex}]
log [03:29:39.653] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/reporting/generateReport]
log [03:29:39.653] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/reporting/generateReport/{reportId}]
log [03:29:39.654] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/reporting/generateReport/{reportDefinitionId}]
log [03:29:39.655] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/reporting/reports]
log [03:29:39.657] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/reporting/reports/{reportId}]
log [03:29:39.658] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/reporting/reportDefinition]
log [03:29:39.659] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/reporting/reportDefinitions/{reportDefinitionId}]
log [03:29:39.659] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/reporting/reportDefinitions]
log [03:29:39.660] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/reporting/reportDefinitions/{reportDefinitionId}]
log [03:29:39.661] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/reporting/reportDefinitions/{reportDefinitionId}]
log [03:29:39.661] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/reporting/getReportSource/{reportSourceType}]
log [03:29:39.662] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/reporting/stats]
log [03:29:39.663] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/reporting_notifications/get_configs]
log [03:29:39.664] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/reporting_notifications/get_event/{eventId}]
log [03:29:39.665] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/reporting_notifications/test_message/{configId}]
log [03:29:39.665] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/_search]
log [03:29:39.666] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/_indices]
log [03:29:39.667] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/applyPolicy]
log [03:29:39.668] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/editRolloverAlias]
log [03:29:39.669] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/_data_streams]
log [03:29:39.670] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/policies]
log [03:29:39.670] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/policies/{id}]
log [03:29:39.671] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/policies/{id}]
log [03:29:39.672] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/policies/{id}]
log [03:29:39.673] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/managedIndices]
log [03:29:39.674] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/managedIndices/{id}]
log [03:29:39.675] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/retry]
log [03:29:39.675] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/changePolicy]
log [03:29:39.676] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/removePolicy]
log [03:29:39.677] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/rollups]
log [03:29:39.677] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/rollups/{id}]
log [03:29:39.678] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/rollups/{id}]
log [03:29:39.679] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/rollups/{id}]
log [03:29:39.679] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/rollups/{id}/_start]
log [03:29:39.680] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/rollups/{id}/_stop]
log [03:29:39.681] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/_mappings]
log [03:29:39.681] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/transforms]
log [03:29:39.683] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/transforms/{id}]
log [03:29:39.684] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/transforms/{id}/_stop]
log [03:29:39.685] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/transforms/{id}/_start]
log [03:29:39.685] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/transforms/{id}]
log [03:29:39.686] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/transforms/{id}]
log [03:29:39.687] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/_searchSampleData/{index}]
log [03:29:39.687] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/transforms/_preview]
log [03:29:39.688] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/_notifications/channels]
log [03:29:39.689] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/_notifications/channels/{id}]
log [03:29:39.689] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/_snapshots]
log [03:29:39.690] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/_snapshots/{id}]
log [03:29:39.691] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/_snapshots/{id}]
log [03:29:39.692] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/_snapshots/{id}]
log [03:29:39.692] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/smPolicies/{id}]
log [03:29:39.693] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/smPolicies/{id}]
log [03:29:39.694] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/smPolicies]
log [03:29:39.695] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/smPolicies/{id}]
log [03:29:39.695] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/smPolicies/{id}]
log [03:29:39.696] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/smPolicies/{id}/_start]
log [03:29:39.697] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/smPolicies/{id}/_stop]
log [03:29:39.698] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/_repositores]
log [03:29:39.698] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/_repositores/{id}]
log [03:29:39.699] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/_repositores/{id}]
log [03:29:39.700] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ism/_repositores/{id}]
log [03:29:39.700] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/detectors]
log [03:29:39.701] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/detectors/{detectorId}]
log [03:29:39.702] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/detectors/_search]
log [03:29:39.703] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/detectors/results/_search/]
log [03:29:39.704] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/detectors/results/_search]
log [03:29:39.704] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/detectors/results/_search/{resultIndex}/{onlyQueryCustomResultIndex}]
log [03:29:39.705] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/detectors/{detectorId}]
log [03:29:39.706] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/detectors]
log [03:29:39.706] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/detectors/preview]
log [03:29:39.707] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/detectors/{id}/results/{isHistorical}/{resultIndex}/{onlyQueryCustomResultIndex}]
log [03:29:39.708] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/detectors/{id}/results/{isHistorical}]
log [03:29:39.708] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/detectors/{detectorId}]
log [03:29:39.709] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/detectors/{detectorId}/start]
log [03:29:39.710] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/detectors/{detectorId}/stop/{isHistorical}]
log [03:29:39.711] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/detectors/{detectorId}/_profile]
log [03:29:39.712] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/detectors/{detectorName}/_match]
log [03:29:39.715] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/detectors/_count]
log [03:29:39.715] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/detectors/{detectorId}/_topAnomalies/{isHistorical}]
log [03:29:39.716] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/detectors/_validate/{validationType}]
log [03:29:39.717] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/monitors/_search]
log [03:29:39.718] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/monitors/alerts]
log [03:29:39.718] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/_indices]
log [03:29:39.719] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/_aliases]
log [03:29:39.720] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/_mappings]
log [03:29:39.720] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/_search]
log [03:29:39.721] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/create_index]
log [03:29:39.722] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/bulk]
log [03:29:39.722] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/delete_index]
log [03:29:39.723] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/anomaly_detectors/create_sample_data/{type}]
log [03:29:39.723] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/timeline/functions]
log [03:29:39.724] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/timeline/run]
log [03:29:39.725] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/timeline/validate/opensearch]
log [03:29:39.725] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/input_control_vis/settings]
log [03:29:39.726] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/gantt_vis/query]
log [03:29:39.727] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/sql_console/translatesql]
log [03:29:39.728] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/sql_console/translateppl]
log [03:29:39.729] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/sql_console/sqlquery]
log [03:29:39.729] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/sql_console/pplquery]
log [03:29:39.730] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/sql_console/sqlcsv]
log [03:29:39.731] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/sql_console/pplcsv]
log [03:29:39.731] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/sql_console/sqljson]
log [03:29:39.732] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/sql_console/ppljson]
log [03:29:39.733] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/sql_console/sqltext]
log [03:29:39.733] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/sql_console/ppltext]
log [03:29:39.734] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/notifications/get_configs]
log [03:29:39.735] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/notifications/get_config/{configId}]
log [03:29:39.735] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/notifications/create_config]
log [03:29:39.736] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/notifications/update_config/{configId}]
log [03:29:39.737] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/notifications/delete_configs]
log [03:29:39.737] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/notifications/features]
log [03:29:39.738] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/notifications/get_event/{eventId}]
log [03:29:39.739] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/notifications/test_message/{configId}]
log [03:29:39.739] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/metrics/vis/data]
log [03:29:39.740] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/metrics/fields]
log [03:29:39.741] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/operational_panels/panels]
log [03:29:39.741] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/operational_panels/panels/{panelId}]
log [03:29:39.742] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/operational_panels/panels]
log [03:29:39.743] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/operational_panels/panels/rename]
log [03:29:39.743] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/operational_panels/panels/clone]
log [03:29:39.744] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/operational_panels/panels/{panelId}]
log [03:29:39.745] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/operational_panels/panelList/{panelIdList}]
log [03:29:39.745] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/operational_panels/panels/filter]
log [03:29:39.746] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/operational_panels/panels/addSamplePanels]
log [03:29:39.747] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/operational_panels/visualizations]
log [03:29:39.747] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/operational_panels/visualizations/{savedVisualizationId}]
log [03:29:39.748] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/operational_panels/visualizations]
log [03:29:39.749] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/operational_panels/visualizations/replace]
log [03:29:39.749] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/operational_panels/visualizations/edit]
log [03:29:39.750] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/ppl/search]
log [03:29:39.750] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/dsl/search]
log [03:29:39.751] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/dsl/cat.indices]
log [03:29:39.752] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/dsl/indices.getFieldMapping]
log [03:29:39.752] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/event_analytics/saved_objects]
log [03:29:39.753] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/event_analytics/saved_objects/{objectId}]
log [03:29:39.754] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/event_analytics/saved_objects/query]
log [03:29:39.754] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/event_analytics/saved_objects/vis]
log [03:29:39.755] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/event_analytics/saved_objects/query]
log [03:29:39.756] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/event_analytics/saved_objects/vis]
log [03:29:39.756] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/event_analytics/saved_objects/timestamp]
log [03:29:39.759] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/event_analytics/saved_objects/timestamp]
log [03:29:39.760] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/event_analytics/saved_objects/{objectIdList}]
log [03:29:39.760] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/event_analytics/saved_objects/addSampleSavedObjects/{sampleRequestor}]
log [03:29:39.761] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/application/]
log [03:29:39.762] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/application/{appId}]
log [03:29:39.762] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/application/]
log [03:29:39.763] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/application/rename]
log [03:29:39.763] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/application/]
log [03:29:39.764] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/application/{appList}]
log [03:29:39.765] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/trace_analytics/indices]
log [03:29:39.765] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/trace_analytics/query]
log [03:29:39.768] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/notebooks/paragraph/update/run/]
log [03:29:39.769] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/notebooks/paragraph/]
log [03:29:39.770] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/notebooks/paragraph/]
log [03:29:39.770] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/notebooks/set_paragraphs/]
log [03:29:39.771] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/notebooks/paragraph]
log [03:29:39.771] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/notebooks/paragraph/clearall/]
log [03:29:39.772] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/notebooks/]
log [03:29:39.773] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/notebooks/note/{noteId}]
log [03:29:39.774] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/notebooks/note]
log [03:29:39.774] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/notebooks/note/rename]
log [03:29:39.775] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/notebooks/note/clone]
log [03:29:39.776] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/notebooks/note/{noteList}]
log [03:29:39.776] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/notebooks/note/addSampleNotebooks]
log [03:29:39.777] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/observability/notebooks/visualizations]
log [03:29:39.778] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/sql/sqlquery]
log [03:29:39.778] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/sql/pplquery]
log [03:29:39.779] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/opensearch-dashboards/management/saved_objects/_find]
log [03:29:39.780] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/opensearch-dashboards/management/saved_objects/{type}/{id}]
log [03:29:39.781] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/opensearch-dashboards/management/saved_objects/scroll/counts]
log [03:29:39.782] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/opensearch-dashboards/management/saved_objects/scroll/export]
log [03:29:39.782] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/opensearch-dashboards/management/saved_objects/relationships/{type}/{id}]
log [03:29:39.783] [debug][server][OpenSearchDashboards][http] registering route handler for [/api/opensearch-dashboards/management/saved_objects/_allowed_types]
log [03:29:39.784] [debug][server][OpenSearchDashboards][http] registering route handler for [/]
log [03:29:39.785] [debug][server][OpenSearchDashboards][http] registering route handler for [/core]
log [03:29:39.785] [debug][server][OpenSearchDashboards][http] registering route handler for [/status]
log [03:29:39.787] [info][server][OpenSearchDashboards][http] http server running at https://0.0.0.0:5601
log [03:29:39.791] [debug][plugins][securityDashboards] authorizationEndpoint: https://test.okta.com/oauth2/default/v1/authorize,tokenEndpoint: https://test.okta.com/oauth2/default/v1/token,endSessionEndpoint: https://test.okta.com/oauth2/default/v1/logout
I’ve had those problems almost as carbon copy. 
I would like to close this thread with the obvious solution. I’m deploying Opensearch using helm charts.
In that case you’ve to run the securityadmin.sh script, not pointing to OS config but pointing to plugin-security config dir.
In my case was something like this:
/usr/share/opensearch/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/opensearch/plugins/opensearch-security/securityconfig -cacert /usr/share/opensearch/config/root-ca.pem -cert /usr/share/opensearch/config/kirk.pem -key /usr/share/opensearch/config/kirk-key.pem -rev -icl
If you have this:
"No 'Basic Authorization' header, send 401 and 'WWW-Authenticate Basic'
You haven’t applied securityadmin.sh properly.
Hope it works for anyone googling around this.