Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
2.12
Describe the issue:
I have several issues with OpenId. The below configuration works, but i sometimes get kicked back to the login screen, where i just have to klick on SingleSignOn, and i am logged in without authentication.
While comparing my config with the config from the documentation, i realized:
- for basic auth the documentation says “type: internal”, but many configs have “type: intern” - does this make a difference?
- The documentation says, that basic auth has to be before OpenId. But when i swap the orders, i get a “unauthorized 401”. This is really confusing! What did i do wrong?
For the dashboard i have the setting: opensearch_security.auth.type: ‘[“basicauth”,“openid”]’
Configuration:
dynamic:
http:
anonymous_auth_enabled: false
authc:
basic_internal_auth_domain:
http_enabled: true
transport_enabled: true
order: "1"
http_authenticator:
type: basic
challenge: true
authentication_backend:
type: intern
openid_auth_domain:
http_enabled: true
transport_enabled: true
order: "0"
http_authenticator:
type: openid
challenge: false
config:
subject_key: preferred_username
roles_key: groups
openid_connect_url: "https://keycloak.mydomain.de/realms/myrealm/.well-known/openid-configuration"
authentication_backend:
type: noop