With Kibana, I have below config in use. Some of the settings might be unnecessary as I was trying various things to get it working:
server.name: kibana
server.host: “0.0.0.0”
elasticsearch.hosts: ${ELASTICSEARCH_URL}
elasticsearch.requestTimeout: 360000
server.ssl.enabled: true
server.ssl.key: /usr/share/kibana/config/kibana-key.pem
server.ssl.certificate: /usr/share/kibana/config/kibana-crt.pem
elasticsearch.ssl.certificateAuthorities: /usr/share/kibana/config/kibana-root-ca.pem
elasticsearch.ssl.verificationMode: none
elasticsearch.username: “kibanaserver”
elasticsearch.password: “xxx”
elasticsearch.requestHeadersWhitelist: [“Authorization”, “security_tenant”, “securitytenant”]
opendistro_security.auth.type: “openid”
opendistro_security.openid.connect_url: “https://xxx/auth/realms/yyy/.well-known/openid-configuration”
opendistro_security.openid.client_id: “kibana”
opendistro_security.openid.client_secret: “xxx”
opendistro_security.openid.root_ca: “/usr/share/kibana/config/keycloak-root-ca.pem”
opendistro_security.openid.base_redirect_url: “https://xxx”
opendistro_security.cookie.secure: false
opendistro_security.cookie.password: “xxx”
opendistro_security.readonly_mode.roles: [“kibana_read_only”]
logging.verbose: false
See also this discussion, it has more information available: OpenID authentication and "Authentication finally failed for null"