OpenID connect using azure: Getting too_many_redirects

skopen · February 1, 2022, 9:22am

Able to authenticate with user and pwd , but after that its throws too_many_directs…kindly help me on this issue please.

opensearch_security:
auth:
type: “openid”
openid:
connect_url: “xxxxxx.well-known/openid-configuration”
client_id: “xxx”
client_secret: “xxxxx”
scope: “openid”
#base_redirect_url: “http://xxxxhost:5601”
multitenancy:
enabled: true
tenants:
preferred:

Private
Global
readonly_mode:
roles:
kibana_read_only
cookie:
secure: true
opensearch:
hosts:
https://xxxxxhost:9200
ssl:
verificationMode: none
username: “kibanaserver”
password: “kibanaserver”
requestHeadersWhitelist:
authorization
securitytenant

config:

There are multiple ways to define the configuration here:

* If you define anything under data, the chart will automatically create

a secret and mount it.

* If you define securityConfigSecret, the chart will assume this secret is

created externally and mount it.

* It is an error to define both data and securityConfigSecret.

#securityConfigSecret:
data:
config.yml: |-
dynamic:
authc:
basic_internal_auth_domain:
description: “Authenticate via HTTP Basic against internal users database”
http_enabled: true
transport_enabled: true
order:
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: internal
openid_auth_domain:
http_enabled: true
transport_enabled: true
order: 1
http_authenticator:
type: openid
challenge: false
config:
subject_key: preferred_username
roles_key: roles
openid_connect_url: xxxx
skip_users:

kibanaro
kibanaserver
logstash
adminp
admin
filebeat_internal
kibanauser
authentication_backend:
type: noop

kris · February 1, 2022, 10:27pm

moving to the Security category

pablo · February 2, 2022, 2:46am

@skopen Is it ODFE or OpenSearch? What version are you running?

skopen · February 2, 2022, 6:21am

@pablo
Using opensearch , version 1.2.3 i’m using helm chart for delpoyment

sastorsl · February 2, 2022, 7:06am

Check the URL’s, application ID and client secret from your OIDC vendor, ensure they are exactly correct. Make sure to check both opensearch and opensearch-dashboards.

NB! Any changes to opensearch have to be added by running the security script - which in turn updates the security index.

Ensure that opensearch-dashboards can “call back” to your OIDC vendor. Is there a firewall in place? Can you proxy the request? If you are running containers “enter” the container with bash and test outbound connectivity with curl.

You can also change the opensearch log4j2 configuration to get more logging.

pablo · February 2, 2022, 10:39am

@skopen What is your redirect URL in Azure?

skopen · February 3, 2022, 7:22am

Hi @pablo
i’m using below url,
https://localhost:5601
currently we are using localhost url and getting error with too_many_redirects

pablo · February 3, 2022, 2:08pm

@skopen do you access OpenSearch Dashboards with localhost or FQDN?
This redirect means that you hosting OpenSearch Dashboards on your own machine.

Topic		Replies	Views
OpenID connect in Opensearch dashboard: too_many_redirects OpenDistro	6	1697	December 8, 2021
OpenID connect fails with TOO MANY REDIRECTS Security troubleshoot	25	2845	June 10, 2022
OpenID Connect in Kibana Open Distro: too_many_redirects Security	18	1377	November 15, 2021
Opendashboard, Keycloak and Google - TOO MANY REDIRECTIONS Security	12	2175	October 4, 2021
OpenID Connect & Basic Authentication on Kibana Security	2	1080	January 4, 2021