OpenID connect using azure: Getting too_many_redirects

Hi @sastorsl

I am able to authenticate with user and pwd, but after that it throws too_many_redirects… kindly help me on this issue please.

opensearch_security:
  auth:
    type: "openid"
  openid:
    connect_url: "xxxxxx.well-known/openid-configuration"
    client_id: "xxx"
    client_secret: "xxxxx"
    scope: "openid"
    #base_redirect_url:http://xxxxhost:5601
  multitenancy:
    enabled: true
    tenants:
      preferred:
        - Private
        - Global
  readonly_mode:
    roles:
      - kibana_read_only
  cookie:
    secure: true
opensearch:
  hosts:
    - https://xxxxxhost:9200
  ssl:
    verificationMode: none
  username: "kibanaserver"
  password: "kibanaserver"
  requestHeadersWhitelist:
    - authorization
    - securitytenant


config:
  # There are multiple ways to define the configuration here:
  # * If you define anything under data, the chart will automatically create
  #   a secret and mount it.
  # * If you define securityConfigSecret, the chart will assume this secret is
  #   created externally and mount it.
  # * It is an error to define both data and securityConfigSecret.
  #securityConfigSecret:
  data:
    config.yml: |-
      dynamic:
        authc:
          basic_internal_auth_domain:
            description: "Authenticate via HTTP Basic against internal users database"
            http_enabled: true
            transport_enabled: true
            order:
            http_authenticator:
              type: basic
              challenge: false
            authentication_backend:
              type: internal
          openid_auth_domain:
            http_enabled: true
            transport_enabled: true
            order: 1
            http_authenticator:
              type: openid
              challenge: false
              config:
                subject_key: preferred_username
                roles_key: roles
                openid_connect_url: xxxx
                skip_users:
                  - kibanaro
                  - kibanaserver
                  - logstash
                  - adminp
                  - admin
                  - filebeat_internal
                  - kibanauser
            authentication_backend:
              type: noop

moving to the Security category

@skopen Is it ODFE or OpenSearch? What version are you running?

@pablo
Using OpenSearch, version 1.2.3. I’m using a Helm chart for deployment.

Check the URLs, application ID and client secret from your OIDC vendor, ensure they are exactly correct. Make sure to check both opensearch and opensearch-dashboards.

NB! Any changes to opensearch have to be added by running the security script - which in turn updates the security index.

Ensure that opensearch-dashboards can “call back” to your OIDC vendor. Is there a firewall in place? Can you proxy the request? If you are running containers, “enter” the container with bash and test outbound connectivity with curl.

You can also change the opensearch log4j2 configuration to get more logging.

@skopen What is your redirect URL in Azure?

Hi @pablo
I’m using the below URL:
https://localhost:5601
Currently we are using the localhost URL and getting an error with too_many_redirects.

@skopen Do you access OpenSearch Dashboards with localhost or FQDN?
This redirect means that you are hosting OpenSearch Dashboards on your own machine.
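
An added example, not from the thread or the OpenSearch project: an offline check for the mismatch the last reply is asking about, comparing the origin used in the browser with the redirect URI registered at the identity provider, `base_redirect_url` and `cookie.secure`. The function names and the `dashboards.example.internal` host are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)

def check_redirect_settings(browser_url, idp_redirect_uri,
                            base_redirect_url=None, cookie_secure=False):
    """List inconsistencies between how Dashboards is reached and how it is configured."""
    findings = []
    seen = origin(browser_url)
    if origin(idp_redirect_uri) != seen:
        findings.append("redirect_uri: registered at the IdP as %s but the browser uses %s"
                        % (idp_redirect_uri, browser_url))
    if base_redirect_url and origin(base_redirect_url) != seen:
        findings.append("base_redirect_url: %s does not match the browser origin %s"
                        % (base_redirect_url, browser_url))
    # A cookie marked Secure is generally not sent back over plain http,
    # so the session set after login would be missing on the next request.
    if cookie_secure and seen[0] != "https":
        findings.append("cookie.secure: true while Dashboards is reached over %s" % seen[0])
    return findings

if __name__ == "__main__":
    # Constructed sample: the thread's redirect URL, reached through a made-up FQDN.
    for line in check_redirect_settings(
            browser_url="https://dashboards.example.internal:5601",
            idp_redirect_uri="https://localhost:5601",
            cookie_secure=True):
        print(line)
```

An empty result only means these three settings agree with each other; it does not validate the client ID, secret or discovery URL.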