Opensearch-dashboards Error: failed parsing SAML config

infodata · August 1, 2022, 11:43am

Im getting these errors
saml config to connect azure ad
running on latest opensearch/opensearch-dashboards

opensearch-dashboards | {“type”:“log”,“@timestamp”:“2022-07-29T19:37:27Z”,“tags”:[“error”,“plugins”,“securityDashboards”],“pid”:1,“message”:"
Failed to get saml header: Error: Error: failed parsing SAML config"}

opensearch-dashboards | {“type”:“error”,“@timestamp”:“2022-07-29T19:37:27Z”,“tags”:,“pid”:1,“level”:“error”,“error”:{“message”:“Internal Server Error”,“name”:“Error”,“stack”:“Error: Internal Server Error\n
at HapiResponseAdapter.toError (/usr/share/opensearch-dashboards/src/core/server/http/router/response_adapter.js:143:19)\n at HapiResponseAdapter.toHapiResponse
(/usr/share/opensearch-dashboards/src/core/server/http/router/response_adapter.js:97:19)\n at HapiResponseAdapter.handle
(/usr/share/opensearch-dashboards/src/core/server/http/router/response_adapter.js:92:17)\n at Router.handle (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:164:34)\n
at processTicksAndRejections (internal/process/task_queues.js:95:5)\n at handler
(/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:124:50)\n at exports.Manager.execute
(/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/toolkit.js:60:28)\n at Object.internals.handler (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:46:20)\n
at exports.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:31:20)\n
at Request._lifecycle (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:371:32)\n
at Request._execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:281:9)”},“url”:“https://mydomain.io/auth/saml/login?nextUrl=%2Fapp%2Fopensearch-dashboards","
message”:“Internal Server Error”}

opensearch-dashboards | Error: failed parsing SAML config
opensearch-dashboards | at SecurityClient.getSamlHeader (/usr/share/opensearch-dashboards/plugins/securityDashboards/server/backend/opensearch_security_client.ts:176:15)
opensearch-dashboards | at processTicksAndRejections (internal/process/task_queues.js:95:5)
opensearch-dashboards | at /usr/share/opensearch-dashboards/plugins/securityDashboards/server/auth/types/saml/routes.ts:62:30
opensearch-dashboards | at Router.handle (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:163:44)
opensearch-dashboards | at handler (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:124:50)
opensearch-dashboards | at exports.Manager.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/toolkit.js:60:28)
opensearch-dashboards | at Object.internals.handler (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:46:20)
opensearch-dashboards | at exports.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:31:20)
opensearch-dashboards | at Request._lifecycle (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:371:32)
opensearch-dashboards | at Request._execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:281:9)
opensearch-dashboards | {“type”:“log”,“@timestamp”:“2022-07-29T20:12:56Z”,“tags”:[“error”,“plugins”,“securityDashboards”],“pid”:1,“message”:“Failed to get saml header: Error: Error: failed parsing SAML config”}
opensearch-dashboards | {“type”:“error”,“@timestamp”:“2022-07-29T20:12:56Z”,“tags”:,“pid”:1,“level”:“error”,“error”:{“message”:“Internal Server Error”,“name”:“Error”,“stack”:“Error: Internal Server Error\n at HapiResponseAdapter.toError (/usr/share/opensearch-dashboards/src/core/server/http/router/response_adapter.js:143:19)\n at HapiResponseAdapter.toHapiResponse (/usr/share/opensearch-dashboards/src/core/server/http/router/response_adapter.js:97:19)\n at HapiResponseAdapter.handle (/usr/share/opensearch-dashboards/src/core/server/http/router/response_adapter.js:92:17)\n at Router.handle (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:164:34)\n at processTicksAndRejections (internal/process/task_queues.js:95:5)\n at handler (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:124:50)\n at exports.Manager.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/toolkit.js:60:28)\n at Object.internals.handler (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:46:20)\n at exports.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:31:20)\n at Request._lifecycle (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:371:32)\n at Request._execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:281:9)”},“url”:“https://mydomain.io/auth/saml/login?nextUrl=%2Fapp%2Fopensearch-dashboards",“message”:"Internal Server Error”}

opensearch-dashboards | Error: failed parsing SAML config
opensearch-dashboards | at SecurityClient.getSamlHeader (/usr/share/opensearch-dashboards/plugins/securityDashboards/server/backend/opensearch_security_client.ts:176:15)
opensearch-dashboards | at runMicrotasks ()
opensearch-dashboards | at processTicksAndRejections (internal/process/task_queues.js:95:5)
opensearch-dashboards | at /usr/share/opensearch-dashboards/plugins/securityDashboards/server/auth/types/saml/routes.ts:62:30
opensearch-dashboards | at Router.handle (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:163:44)
opensearch-dashboards | at handler (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:124:50)
opensearch-dashboards | at exports.Manager.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/toolkit.js:60:28)
opensearch-dashboards | at Object.internals.handler (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:46:20)
opensearch-dashboards | at exports.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:31:20)
opensearch-dashboards | at Request._lifecycle (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:371:32)
opensearch-dashboards | at Request._execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:281:9)
opensearch-dashboards | {“type”:“log”,“@timestamp”:“2022-07-29T19:29:15Z”,“tags”:[“error”,“plugins”,“securityDashboards”],“pid”:1,“message”:“Failed to get saml header: Error: Error: failed parsing SAML config”}
opensearch-dashboards | {“type”:“error”,“@timestamp”:“2022-07-29T19:29:15Z”,“tags”:,“pid”:1,“level”:“error”,“error”:{“message”:“Internal Server Error”,“name”:“Error”,“stack”:“Error: Internal Server Error\n at HapiResponseAdapter.toError (/usr/share/opensearch-dashboards/src/core/server/http/router/response_adapter.js:143:19)\n at HapiResponseAdapter.toHapiResponse (/usr/share/opensearch-dashboards/src/core/server/http/router/response_adapter.js:97:19)\n at HapiResponseAdapter.handle (/usr/share/opensearch-dashboards/src/core/server/http/router/response_adapter.js:92:17)\n at Router.handle (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:164:34)\n at runMicrotasks ()\n at processTicksAndRejections (internal/process/task_queues.js:95:5)\n at handler (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:124:50)\n at exports.Manager.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/toolkit.js:60:28)\n at Object.internals.handler (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:46:20)\n at exports.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:31:20)\n at Request._lifecycle (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:371:32)\n at Request._execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:281:9)”},“url”:“https://mydomain.io/auth/saml/login?nextUrl=%2Fapp%2Fopensearch-dashboards",“message”:"Internal Server Error”}
opensearch-dashboards | {“type”:“response”,“@timestamp”:“2022-07-29T19:29:15Z”,“tags”:,“pid”:1,“method”:“get”,“statusCode”:500,“req”:{“url”:“/auth/saml/login?nextUrl=%2Fapp%2Fopensearch-dashboards”,“method”:“get”,“headers”:{“x-forwarded-for”:“23.243.149.116”,“x-forwarded-proto”:“https”,“x-forwarded-port”:“443”,“host”:“mydomain.io”,“x-amzn-trace-id”:“Root=1-62e4350b-75878d2852c0acaa7c8fb93e”,“upgrade-insecure-requests”:“1”,“user-agent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36”,“accept”:“text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9”,“sec-fetch-site”:“none”,“sec-fetch-mode”:“navigate”,“sec-fetch-user”:“?1”,“sec-fetch-dest”:“document”,“sec-ch-ua”:“".Not/A)Brand";v="99", "Google Chrome";v="103", "Chromium";v="103"”,“sec-ch-ua-mobile”:“?0”,“sec-ch-ua-platform”:“"Windows"”,“accept-encoding”:“gzip, deflate, br”,“accept-language”:“en-US,en;q=0.9”},“remoteAddress”:“10.100.4.28”,“userAgent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36”},“res”:{“statusCode”:500,“responseTime”:20,“contentLength”:9},“message”:“GET /auth/saml/login?nextUrl=%2Fapp%2Fopensearch-dashboards 500 20ms - 9.0B”}

opensearch-dashboards | Error: failed parsing SAML config
opensearch-dashboards | at SecurityClient.getSamlHeader (/usr/share/opensearch-dashboards/plugins/securityDashboards/server/backend/opensearch_security_client.ts:176:15)
opensearch-dashboards | at runMicrotasks ()
opensearch-dashboards | at processTicksAndRejections (internal/process/task_queues.js:95:5)
opensearch-dashboards | at /usr/share/opensearch-dashboards/plugins/securityDashboards/server/auth/types/saml/routes.ts:62:30
opensearch-dashboards | at Router.handle (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:163:44)
opensearch-dashboards | at handler (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:124:50)
opensearch-dashboards | at exports.Manager.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/toolkit.js:60:28)
opensearch-dashboards | at Object.internals.handler (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:46:20)
opensearch-dashboards | at exports.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:31:20)
opensearch-dashboards | at Request._lifecycle (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:371:32)
opensearch-dashboards | at Request._execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:281:9)
opensearch-dashboards | {“type”:“log”,“@timestamp”:“2022-07-29T19:21:08Z”,“tags”:[“error”,“plugins”,“securityDashboards”],“pid”:1,“message”:“Failed to get saml header: Error: Error: failed parsing SAML config”}
opensearch-dashboards | {“type”:“error”,“@timestamp”:“2022-07-29T19:21:08Z”,“tags”:,“pid”:1,“level”:“error”,“error”:{“message”:“Internal Server Error”,“name”:“Error”,“stack”:“Error: Internal Server Error\n
at HapiResponseAdapter.toError (/usr/share/opensearch-dashboards/src/core/server/http/router/response_adapter.js:143:19)\n
at HapiResponseAdapter.toHapiResponse (/usr/share/opensearch-dashboards/src/core/server/http/router/response_adapter.js:97:19)\n at HapiResponseAdapter.handle (/usr/share/opensearch-dashboards/src/core/server/http/router/response_adapter.js:92:17)\n at Router.handle (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:164:34)\n at runMicrotasks ()\n at processTicksAndRejections (internal/process/task_queues.js:95:5)\n at handler (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:124:50)\n at exports.Manager.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/toolkit.js:60:28)\n at Object.internals.handler (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:46:20)\n at exports.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:31:20)\n at Request._lifecycle (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:371:32)\n at Request._execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:281:9)”},“url”:“https://mydomain.io/auth/saml/login?nextUrl=%2Fapp%2Fopensearch-dashboards",“message”:"Internal Server Error”}
opensearch-dashboards | {“type”:“response”,“@timestamp”:“2022-07-29T19:21:08Z”,“tags”:,“pid”:1,“method”:“get”,“statusCode”:500,“req”:{“url”:“/auth/saml/login?nextUrl=%2Fapp%2Fopensearch-dashboards”,“method”:“get”,“headers”:{“x-forwarded-for”:“47.188.107.62”,“x-forwarded-proto”:“https”,“x-forwarded-port”:“443”,“host”:“mydomain.io”,“x-amzn-trace-id”:“Root=1-62e43324-2d5c137c3ce624d303e96a5f”,“cache-control”:“max-age=0”,“sec-ch-ua”:“".Not/A)Brand";v="99", "Google Chrome";v="103", "Chromium";v="103"”,“sec-ch-ua-mobile”:“?0”,“sec-ch-ua-platform”:“"Windows"”,“upgrade-insecure-requests”:“1”,“user-agent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36”,“accept”:“text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9”,“sec-fetch-site”:“none”,“sec-fetch-mode”:“navigate”,“sec-fetch-user”:“?1”,“sec-fetch-dest”:“document”,“accept-encoding”:“gzip, deflate, br”,“accept-language”:“en-US,en;q=0.9”},“remoteAddress”:“10.100.4.28”,“userAgent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36”},“res”:{“statusCode”:500,“responseTime”:20,“contentLength”:9},“message”:“GET /auth/saml/login?nextUrl=%2Fapp%2Fopensearch-dashboards 500 20ms - 9.0B”}
opensearch-dashboards | {“type”:“response”,“@timestamp”:“2022-07-29T19:21:08Z”,“tags”:,“pid”:1,“method”:“get”,“statusCode”:401,“req”:{“url”:“/favicon.ico”,“method”:“get”,“headers”:{“x-forwarded-for”:“47.188.107.62”,“x-forwarded-proto”:“https”,“x-forwarded-port”:“443”,“host”:“mydomain.io”,“x-amzn-trace-id”:“Root=1-62e43324-61627034033c98b549465614”,“sec-ch-ua”:“".Not/A)Brand";v="99", "Google Chrome";v="103", "Chromium";v="103"”,“sec-ch-ua-mobile”:“?0”,“user-agent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36”,“sec-ch-ua-platform”:“"Windows"”,“accept”:“image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8”,“sec-fetch-site”:“same-origin”,“sec-fetch-mode”:“no-cors”,“sec-fetch-dest”:“image”,“referer”:“https://mydomain.io/auth/saml/login?nextUrl=%2Fapp%2Fopensearch-dashboards",“accept-encoding”:"gzip, deflate, br”,“accept-language”:“en-US,en;q=0.9”},“remoteAddress”:“10.100.4.28”,“userAgent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36”,“referer”:“https://mydomain.io/auth/saml/login?nextUrl=%2Fapp%2Fopensearch-dashboards"},“res”:{“statusCode”:401,“responseTime”:2,“contentLength”:9},“message”:"GET /favicon.ico 401 2ms - 9.0B”}

opensearch-dashboards | Error: failed parsing SAML config
opensearch-dashboards | at SecurityClient.getSamlHeader (/usr/share/opensearch-dashboards/plugins/securityDashboards/server/backend/opensearch_security_client.ts:176:15)
opensearch-dashboards | at processTicksAndRejections (internal/process/task_queues.js:95:5)
opensearch-dashboards | at /usr/share/opensearch-dashboards/plugins/securityDashboards/server/auth/types/saml/routes.ts:62:30
opensearch-dashboards | at Router.handle (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:163:44)

opensearch-dashboards | {“type”:“log”,“@timestamp”:“2022-07-29T18:30:34Z”,“tags”:[“error”,“plugins”,“securityDashboards”],“pid”:1,“message”:“Failed to get saml header: Error: Error: failed parsing SAML config”}
opensearch-dashboards | {“type”:“error”,“@timestamp”:“2022-07-29T18:30:34Z”,“tags”:,“pid”:1,“level”:“error”,“error”:{“message”:“Internal Server Error”,“name”:“Error”,“stack”:"Error: Internal Server Error\n at HapiResponseAdapter.toError (/usr/share/opensearch-dashboards/src/core/server/http/router/response_adapter.js:143:19)\n

opensearch-dashboards | {“type”:“response”,“@timestamp”:“2022-07-27T20:04:52Z”,“tags”:,“pid”:1,“method”:“get”,“statusCode”:302,“req”:{“url”:“/”,“method”:“get”,“headers”:{“host”:“10.100.2.219:5601”,“user-agent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0”,“accept”:“text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8”,“accept-language”:“en-US,en;q=0.5”,“accept-encoding”:“gzip, deflate, br”,“connection”:“keep-alive”,“upgrade-insecure-requests”:“1”,“sec-fetch-dest”:“document”,“sec-fetch-mode”:“navigate”,“sec-fetch-site”:“none”,“sec-fetch-user”:“?1”},“remoteAddress”:“10.160.0.234”,“userAgent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0”},“res”:{“statusCode”:302,“responseTime”:23,“contentLength”:9},“message”:“GET / 302 23ms - 9.0B”}

opensearch-dashboards | Error: failed parsing SAML config
opensearch-dashboards | at SecurityClient.getSamlHeader (/usr/share/opensearch-dashboards/plugins/securityDashboards/server/backend/opensearch_security_client.ts:176:15)
opensearch-dashboards | at processTicksAndRejections (internal/process/task_queues.js:95:5)
opensearch-dashboards | at /usr/share/opensearch-dashboards/plugins/securityDashboards/server/auth/types/saml/routes.ts:62:30
opensearch-dashboards | at Router.handle (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:163:44)
opensearch-dashboards | at handler (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:124:50)
opensearch-dashboards | at exports.Manager.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/toolkit.js:60:28)
opensearch-dashboards | at Object.internals.handler (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:46:20)
opensearch-dashboards | at exports.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:31:20)
opensearch-dashboards | at Request._lifecycle (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:371:32)
opensearch-dashboards | at Request._execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:281:9)
opensearch-dashboards | {“type”:“log”,“@timestamp”:“2022-07-27T20:04:52Z”,“tags”:[“error”,“plugins”,“securityDashboards”],“pid”:1,“message”:“Failed to get saml header: Error: Error: failed parsing SAML config”}
opensearch-dashboards | {“type”:“error”,“@timestamp”:“2022-07-27T20:04:52Z”,“tags”:,“pid”:1,“level”:“error”,“error”:{“message”:“Internal Server Error”,“name”:“Error”,“stack”:“Error: Internal Server Error\n at HapiResponseAdapter.toError (/usr/share/opensearch-dashboards/src/core/server/http/router/response_adapter.js:143:19)\n at HapiResponseAdapter.toHapiResponse (/usr/share/opensearch-dashboards/src/core/server/http/router/response_adapter.js:97:19)\n at HapiResponseAdapter.handle (/usr/share/opensearch-dashboards/src/core/server/http/router/response_adapter.js:92:17)\n at Router.handle (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:164:34)\n at processTicksAndRejections (internal/process/task_queues.js:95:5)\n at handler (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:124:50)\n at exports.Manager.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/toolkit.js:60:28)\n at Object.internals.handler (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:46:20)\n at exports.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:31:20)\n at Request._lifecycle (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:371:32)\n at Request._execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:281:9)”},“url”:“https://10.100.2.219:5601/auth/saml/login?nextUrl=%2Fapp%2Fopensearch-dashboards",“message”:"Internal Server Error”}
opensearch-dashboards | {“type”:“response”,“@timestamp”:“2022-07-27T20:04:52Z”,“tags”:,“pid”:1,“method”:“get”,“statusCode”:500,“req”:{“url”:“/auth/saml/login?nextUrl=%2Fapp%2Fopensearch-dashboards”,“method”:“get”,“headers”:{“host”:“10.100.2.219:5601”,“user-agent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0”,“accept”:“text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8”,“accept-language”:“en-US,en;q=0.5”,“accept-encoding”:“gzip, deflate, br”,“connection”:“keep-alive”,“upgrade-insecure-requests”:“1”,“sec-fetch-dest”:“document”,“sec-fetch-mode”:“navigate”,“sec-fetch-site”:“none”,“sec-fetch-user”:“?1”},“remoteAddress”:“10.160.0.234”,“userAgent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0”},“res”:{“statusCode”:500,“responseTime”:88,“contentLength”:9},“message”:“GET /auth/saml/login?nextUrl=%2Fapp%2Fopensearch-dashboards 500 88ms - 9.0B”}

infodata · August 1, 2022, 11:46am

config.yml
_meta:
type: “config”
config_version: “2”
config:
dynamic:
http:
anonymous_auth_enabled: false
authc:
basic_internal_auth_domain:
description: “Authenticate via HTTP Basic”
http_enabled: true
transport_enabled: true
order: 0
http_authenticator:
type: “basic”
challenge: false
authentication_backend:
type: “internal”
saml_auth_domain:
description: “Authenticate via SAML”
http_enabled: true
transport_enabled: false
order: 1
http_authenticator:
type: “saml”
challenge: true
config:
attributes:
principal: “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name”
groups: “http://schemas.microsoft.com/ws/2008/06/identity/claims/role”
name: “http://schemas.microsoft.com/identity/claims/displayname”
mail: “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress”
idp:
metadata_url: "https://login.microsoftonline.com/xxx/federationmetadata/2007-06/federationmetadata.xml?appid=xx
entity_id: “https://sts.windows.net/xxx/”
sp:
entity_id: https://mydomain.io

        kibana_url: https://mydomain.io
        roles_key: roles
        exchange_key: 'xxxx'
        
    authentication_backend:
      type: noop
authz:
  ldap:
    http_enabled: true
    transport_enabled: true
    authorization_backend:
      type: ldap
      config:
        enable_ssl: false
        enable_start_tls: false
        enable_ssl_client_auth: false
        verify_hostnames: false
        hosts: "ldap-server:389"
        bind_dn: "CN=something,OU=some ou,OU=ou test,DC=test,DC=local"
        password: "password"
        userbase: "DC=test,DC=local"
        rolebase: "DC=test,DC=local"
        rolesearch: "(member={0})"
        rolename: "cn"
        username_attribute: "uid"
        usersearch: "(sAMAccountName={0})"
        resolve_nested_roles: true
        skip_users:
          - kibanaserver
          - admin

infodata · August 1, 2022, 6:35pm

tried update log4j

logger.token.name = com.amazon.dlic.auth.http.saml.Token
logger.token.level = debug

logger.securityjwt.name = com.amazon.dlic.auth.http.jwt
logger.securityjwt.level = trace

==============================================
opensearch-dashboards | {“type”:“response”,“@timestamp”:“2022-08-01T18:21:00Z”,“tags”:,“pid”:1,“method”:“get”,“statusCode”:302,“req”:{“url”:“/”,“method”:“get”,“headers”:{“x-forwarded-for”:“70.115.225.135”,“x-forwarded-proto”:“https”,“x-forwarded-port”:“443”,“host”:“mydomain.io”,“x-amzn-trace-id”:“Root=1-62e8198c-1d8a78a21593bf093073cdb2”,“sec-ch-ua”:“".Not/A)Brand";v="99", "Google Chrome";v="103", "Chromium";v="103"”,“sec-ch-ua-mobile”:“?0”,“sec-ch-ua-platform”:“"Windows"”,“upgrade-insecure-requests”:“1”,“user-agent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36”,“accept”:“text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9”,“sec-fetch-site”:“none”,“sec-fetch-mode”:“navigate”,“sec-fetch-user”:“?1”,“sec-fetch-dest”:“document”,“accept-encoding”:“gzip, deflate, br”,“accept-language”:“en-US,en;q=0.9”},“remoteAddress”:“10.100.4.28”,“userAgent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36”},“res”:{“statusCode”:302,“responseTime”:3,“contentLength”:9},“message”:“GET / 302 3ms - 9.0B”}
opensearch-dashboards | Error: failed parsing SAML config
opensearch-dashboards | at SecurityClient.getSamlHeader (/usr/share/opensearch-dashboards/plugins/securityDashboards/server/backend/opensearch_security_client.ts:176:15)
opensearch-dashboards | at processTicksAndRejections (internal/process/task_queues.js:95:5)
opensearch-dashboards | at /usr/share/opensearch-dashboards/plugins/securityDashboards/server/auth/types/saml/routes.ts:62:30
opensearch-dashboards | at Router.handle (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:163:44)
opensearch-dashboards | at handler (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:124:50)
opensearch-dashboards | at exports.Manager.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/toolkit.js:60:28)
opensearch-dashboards | at Object.internals.handler (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:46:20)
opensearch-dashboards | at exports.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:31:20)
opensearch-dashboards | at Request._lifecycle (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:371:32)
opensearch-dashboards | at Request._execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:281:9)
opensearch-dashboards | {“type”:“log”,“@timestamp”:“2022-08-01T18:21:00Z”,“tags”:[“error”,“plugins”,“securityDashboards”],“pid”:1,“message”:“Failed to get saml header: Error: Error: failed parsing SAML config”}
opensearch-dashboards | {“type”:“error”,“@timestamp”:“2022-08-01T18:21:00Z”,“tags”:,“pid”:1,“level”:“error”,“error”:{“message”:“Internal Server Error”,“name”:“Error”,“stack”:“Error: Internal Server Error\n at HapiResponseAdapter.toError (/usr/share/opensearch-dashboards/src/core/server/http/router/response_adapter.js:143:19)\n at HapiResponseAdapter.toHapiResponse (/usr/share/opensearch-dashboards/src/core/server/http/router/response_adapter.js:97:19)\n at HapiResponseAdapter.handle (/usr/share/opensearch-dashboards/src/core/server/http/router/response_adapter.js:92:17)\n at Router.handle (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:164:34)\n at processTicksAndRejections (internal/process/task_queues.js:95:5)\n at handler (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:124:50)\n at exports.Manager.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/toolkit.js:60:28)\n at Object.internals.handler (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:46:20)\n at exports.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:31:20)\n at Request._lifecycle (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:371:32)\n at Request._execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:281:9)”},“url”:“https://mydomain.io/auth/saml/login?nextUrl=%2Fapp%2Fopensearch-dashboards",“message”:"Internal Server Error”}
opensearch-dashboards | {“type”:“response”,“@timestamp”:“2022-08-01T18:21:00Z”,“tags”:,“pid”:1,“method”:“get”,“statusCode”:500,“req”:{“url”:“/auth/saml/login?nextUrl=%2Fapp%2Fopensearch-dashboards”,“method”:“get”,“headers”:{“x-forwarded-for”:“70.115.225.135”,“x-forwarded-proto”:“https”,“x-forwarded-port”:“443”,“host”:“mydomain.io”,“x-amzn-trace-id”:“Root=1-62e8198c-07308d54040076b21c2a4648”,“upgrade-insecure-requests”:“1”,“user-agent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36”,“accept”:“text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9”,“sec-fetch-site”:“none”,“sec-fetch-mode”:“navigate”,“sec-fetch-user”:“?1”,“sec-fetch-dest”:“document”,“sec-ch-ua”:“".Not/A)Brand";v="99", "Google Chrome";v="103", "Chromium";v="103"”,“sec-ch-ua-mobile”:“?0”,“sec-ch-ua-platform”:“"Windows"”,“accept-encoding”:“gzip, deflate, br”,“accept-language”:“en-US,en;q=0.9”},“remoteAddress”:“10.100.4.28”,“userAgent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36”},“res”:{“statusCode”:500,“responseTime”:11,“contentLength”:9},“message”:“GET /auth/saml/login?nextUrl=%2Fapp%2Fopensearch-dashboards 500 11ms - 9.0B”}
opensearch-dashboards | {“type”:“response”,“@timestamp”:“2022-08-01T18:21:00Z”,“tags”:,“pid”:1,“method”:“get”,“statusCode”:401,“req”:{“url”:“/favicon.ico”,“method”:“get”,“headers”:{“x-forwarded-for”:“70.115.225.135”,“x-forwarded-proto”:“https”,“x-forwarded-port”:“443”,“host”:“mydomain.io”,“x-amzn-trace-id”:“Root=1-62e8198c-41e553c2299280af1045346b”,“sec-ch-ua”:“".Not/A)Brand";v="99", "Google Chrome";v="103", "Chromium";v="103"”,“sec-ch-ua-mobile”:“?0”,“user-agent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36”,“sec-ch-ua-platform”:“"Windows"”,“accept”:“image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8”,“sec-fetch-site”:“same-origin”,“sec-fetch-mode”:“no-cors”,“sec-fetch-dest”:“image”,“referer”:“https://mydomain.io/auth/saml/login?nextUrl=%2Fapp%2Fopensearch-dashboards",“accept-encoding”:"gzip, deflate, br”,“accept-language”:“en-US,en;q=0.9”},“remoteAddress”:“10.100.4.28”,“userAgent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36”,“referer”:“https://mydomain.io/auth/saml/login?nextUrl=%2Fapp%2Fopensearch-dashboards"},“res”:{“statusCode”:401,“responseTime”:3,“contentLength”:9},“message”:"GET /favicon.ico 401 3ms - 9.0B”}

===========================================

opensearch-dashboards | {“type”:“response”,“@timestamp”:“2022-08-01T18:29:57Z”,“tags”:,“pid”:1,“method”:“get”,“statusCode”:401,“req”:{“url”:“/app/login”,“method”:“get”,“headers”:{“host”:“10.100.2.219:5601”,“connection”:“close”,“user-agent”:“ELB-HealthChecker/2.0”,“accept-encoding”:“gzip, compressed”},“remoteAddress”:“10.100.3.4”,“userAgent”:“ELB-HealthChecker/2.0”},“res”:{“statusCode”:401,“responseTime”:8,“contentLength”:9},“message”:“GET /app/login 401 8ms - 9.0B”}
opensearch-dashboards | {“type”:“response”,“@timestamp”:“2022-08-01T18:29:57Z”,“tags”:,“pid”:1,“method”:“get”,“statusCode”:302,“req”:{“url”:“/”,“method”:“get”,“headers”:{“x-forwarded-for”:“70.115.225.135”,“x-forwarded-proto”:“https”,“x-forwarded-port”:“443”,“host”:“mydomain.io”,“x-amzn-trace-id”:“Root=1-62e81ba5-221321177a9bcb053f4a70a4”,“user-agent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0”,“accept”:“text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8”,“accept-language”:“en-US,en;q=0.5”,“accept-encoding”:“gzip, deflate, br”,“upgrade-insecure-requests”:“1”,“sec-fetch-dest”:“document”,“sec-fetch-mode”:“navigate”,“sec-fetch-site”:“none”,“sec-fetch-user”:“?1”},“remoteAddress”:“10.100.3.4”,“userAgent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0”},“res”:{“statusCode”:302,“responseTime”:5,“contentLength”:9},“message”:“GET / 302 5ms - 9.0B”}
opensearch-dashboards | Error: failed parsing SAML config
opensearch-dashboards | at SecurityClient.getSamlHeader (/usr/share/opensearch-dashboards/plugins/securityDashboards/server/backend/opensearch_security_client.ts:176:15)
opensearch-dashboards | at processTicksAndRejections (internal/process/task_queues.js:95:5)
opensearch-dashboards | at /usr/share/opensearch-dashboards/plugins/securityDashboards/server/auth/types/saml/routes.ts:62:30
opensearch-dashboards | at Router.handle (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:163:44)
opensearch-dashboards | at handler (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:124:50)
opensearch-dashboards | at exports.Manager.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/toolkit.js:60:28)
opensearch-dashboards | at Object.internals.handler (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:46:20)
opensearch-dashboards | at exports.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:31:20)
opensearch-dashboards | at Request._lifecycle (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:371:32)
opensearch-dashboards | at Request._execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:281:9)
opensearch-dashboards | {“type”:“log”,“@timestamp”:“2022-08-01T18:29:58Z”,“tags”:[“error”,“plugins”,“securityDashboards”],“pid”:1,“message”:“Failed to get saml header: Error: Error: failed parsing SAML config”}
opensearch-dashboards | {“type”:“error”,“@timestamp”:“2022-08-01T18:29:58Z”,“tags”:,“pid”:1,“level”:“error”,“error”:{“message”:“Internal Server Error”,“name”:“Error”,“stack”:“Error: Internal Server Error\n at HapiResponseAdapter.toError (/usr/share/opensearch-dashboards/src/core/server/http/router/response_adapter.js:143:19)\n at HapiResponseAdapter.toHapiResponse (/usr/share/opensearch-dashboards/src/core/server/http/router/response_adapter.js:97:19)\n at HapiResponseAdapter.handle (/usr/share/opensearch-dashboards/src/core/server/http/router/response_adapter.js:92:17)\n at Router.handle (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:164:34)\n at processTicksAndRejections (internal/process/task_queues.js:95:5)\n at handler (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:124:50)\n at exports.Manager.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/toolkit.js:60:28)\n at Object.internals.handler (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:46:20)\n at exports.execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/handler.js:31:20)\n at Request._lifecycle (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:371:32)\n at Request._execute (/usr/share/opensearch-dashboards/node_modules/@hapi/hapi/lib/request.js:281:9)”},“url”:“https://mydomain.io/auth/saml/login?nextUrl=%2Fapp%2Fopensearch-dashboards",“message”:"Internal Server Error”}
opensearch-dashboards | {“type”:“response”,“@timestamp”:“2022-08-01T18:29:58Z”,“tags”:,“pid”:1,“method”:“get”,“statusCode”:500,“req”:{“url”:“/auth/saml/login?nextUrl=%2Fapp%2Fopensearch-dashboards”,“method”:“get”,“headers”:{“x-forwarded-for”:“70.115.225.135”,“x-forwarded-proto”:“https”,“x-forwarded-port”:“443”,“host”:“mydomain.io”,“x-amzn-trace-id”:“Root=1-62e81ba6-2787650c372c67077fd2f8b6”,“user-agent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0”,“accept”:“text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8”,“accept-language”:“en-US,en;q=0.5”,“accept-encoding”:“gzip, deflate, br”,“upgrade-insecure-requests”:“1”,“sec-fetch-dest”:“document”,“sec-fetch-mode”:“navigate”,“sec-fetch-site”:“none”,“sec-fetch-user”:“?1”},“remoteAddress”:“10.100.3.4”,“userAgent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0”},“res”:{“statusCode”:500,“responseTime”:60,“contentLength”:9},“message”:“GET /auth/saml/login?nextUrl=%2Fapp%2Fopensearch-dashboards 500 60ms - 9.0B”}

pablo · August 2, 2022, 11:06am

@infodata There is a bug in SAML authentication in version 2.1.0. It has already been reported to the dev team and they are currently working on it according to the bug.

github.com/opensearch-project/security-dashboards-plugin

Replace _opendistro route with _plugins

opensearch-project:main ← pc-jedi:fix-routes

opened 11:05AM - 31 Jan 22 UTC

pc-jedi

+10 -13

### Description In the documentation for [SAML](https://opensearch.org/docs/lat…est/security-plugin/configuration/saml/#opensearch-dashboards-configuration) the SSO URL and the white listed URL is already updated to `_plugins/_security` while the routes in the security plugin still are on `_opendistro/_security`. That causes a 404 response when trying to login. This PR changes the route in the plugin and aligns with the documentation. ### Category Bug fix and Documentation ### Why these changes are required? To align with the new naming schema and have it working like it is documented. ### What is the old behavior before changes and new behavior after changes? Before this PR the whitelisted URLs for SSO have to be set to `_opendistro/_security/..` also the configuration in the IdP to forward to the correct endpoint had to be `_security/saml/acs`. New behavior is that the URLs are now aligned with the documentation. ### Issues Resolved #836 ### Testing [Please provide details of testing done: unit testing, integration testing and manual testing] ### Check List - [ ] New functionality includes testing - [x] New functionality has been documented - [x] Commits are signed per the DCO using --signoff By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).

This is only present in version 2.1.0. Could you try version 2.0.1 instead?

infodata · August 3, 2022, 5:42pm

update I was able to get this working after revert to 2.0.1 I had to delete all data folder so it create new entire data indices

I did get below few times but not on second try , checking if see this issue again
https://mydomain.com/_opendistro/_security/saml/acs
{“statusCode”:400,“error”:“Bad Request”,“message”:“Invalid requestId”}

ZeroCool · August 12, 2022, 3:46pm

Hello!

I was just wondering if this now works again as before in 2.2.0

2022-08-05 Version 2.2.0 Release Notes

infodata · August 12, 2022, 7:35pm

yes saml works in 2.2.0 but not with older data folder i had to make new data and move out old data

Topic		Replies	Views
SAML integration with OpenSearch and OPensearch Dashboard Security troubleshoot	2	758	March 10, 2022
Opensearch/opensearch-dashboard Failed to get saml header: Error: Error: failed parsing SAML config Security troubleshoot	16	2180	July 27, 2022
SAML parsing error in Openseach Dashboard Application [ Dashboard version : 2.9.0 Image ] OpenSearch configure , upgrade	11	332	September 20, 2023
Azure SSO integration issue Security	10	494	February 14, 2024
Microsoft Entra ID: failed parsing SAML config OpenSearch Dashboards troubleshoot , configure , security-issue	2	55	April 11, 2024

Opensearch-dashboards Error: failed parsing SAML config

Related Topics