Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
OpenSearch 2.5.0
Describe the issue:
i deployed OpenSearch and enabled openid auth with keycloak. I set the access_token expire in 5 minutes and the refresh_token expire in 30 minutes.But i found that seems OpenSearch could not auto refresh access_token. And i had to login again every 5 minutes.
Configuration:
Here is configs in opensearch_dashboards.yml:
opensearch.hosts: [http://localhost:9200]
opensearch.ssl.verificationMode: none
opensearch.username: kibanaserver
opensearch.password: **********
opensearch.requestHeadersWhitelist: [authorization, securitytenant]
opensearch_security.session.ttl: 14400000
opensearch_security.auth.multiple_auth_enabled: true
opensearch_security.openid.verify_hostnames: false
opensearch_security.openid.refresh_tokens: false
opensearch_security.auth.type: ["basicauth","openid"]
opensearch_security.openid.base_redirect_url: http://localhost:5601
opensearch_security.openid.connect_url: http://172.17.165.127:6080/realms/master/.well-known/openid-configuration
opensearch_security.openid.client_id: opensearch
opensearch_security.openid.client_secret: *********************
opensearch_security.openid.scope: "openid profile email address phone"
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: [Private, Global]
opensearch_security.readonly_mode.roles: [opensearch_read_only]
opensearch_security.cookie.secure: false
server.host: '0.0.0.0'
And here is config in opensearch-security/config.yml:
openid_auth_domain:
http_enabled: true
transport_enabled: true
order: 0
http_authenticator:
type: openid
challenge: false
config:
subject_key: preferred_username
roles_key: roles
openid_connect_url: http://172.17.165.127:6080/realms/master/.well-known/openid-configuration
authentication_backend:
type: noop
Relevant Logs or Screenshots:
i tried with Postman to refresh access_token, and here was the response:
Please review and advice if need other information.Thanks a lot!