Opensearch-Dashboards + Okta (OpenID Connect)

I have this issue in integrating Okta OpenID Connect to my Opensearch-dashboards;


Here are my configs:

  • config.yml
 http_enabled: true
 transport_enabled: true
 order: 1
   type: openid
  challenge: true
       verify_hostnames: false
       enable_ssl: true
  type: noop
  • opensearch-dashboards.yml
opensearch_security.auth.type: "openid"
opensearch_security.openid.connect_url: ""
opensearch_security.openid.client_id: "ea9613IIIDDDIDIDI42489e0ff2"
opensearch_security.openid.client_secret: "dcc22711SECRETTTb4dd6b"
opensearch_security.cookie.isSameSite: None
opensearch_security.openid.verify_hostnames: false
opensearch_security.openid.base_redirect_url: "https://k1b4naUrL:5601/"

I am using Opensearch v1.2.3 and Opensearch-dashboards v1.2.0

Did I miss something here? Thanks in advance!


As with any other YAML file, please pay special attention to the proper indentation in your config.yml file. Please make sure all your values are indented as shown in the example configuration here:

Also, since you’re using SSL/TLS when connecting to the IdP to obtain the “.well-known” config, you’d need to configure the CA certificate in pemtrustedcas_filepath: or pemtrustedcas_content:
(this would be the CA that signed your IdP certificate)
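
The nesting the reply above refers to, as an added example that is not part of the original thread or the project's own sample file: the keys from the posted config.yml placed at the indentation the security plugin expects for an OpenID auth domain. The domain name, the IdP URL, the claim names and the CA path are placeholders and assumptions.

```yaml
# Added example (not from the thread). Values marked "placeholder" are assumptions.
config:
  dynamic:
    authc:
      openid_auth_domain:              # domain name is arbitrary (placeholder)
        http_enabled: true
        transport_enabled: true
        order: 1
        http_authenticator:
          type: openid                 # belongs under http_authenticator, not the domain
          challenge: true
          config:
            subject_key: preferred_username   # placeholder claim name
            roles_key: roles                  # placeholder; must match the roles claim the IdP sends
            # placeholder; use your IdP's ".well-known" discovery URL
            openid_connect_url: https://IDP_HOST/.well-known/openid-configuration
            openid_connect_idp:        # TLS settings for the connection to the IdP
              enable_ssl: true
              # The posted config has "false". With the IdP's CA configured below,
              # hostname verification can stay enabled.
              verify_hostnames: true
              # placeholder path; CA that signed the IdP certificate
              pemtrustedcas_filepath: /path/to/idp-root-ca.pem
        authentication_backend:
          type: noop                   # belongs under authentication_backend
```

Each `type:` key is only meaningful under its parent (`http_authenticator` or `authentication_backend`), and `enable_ssl` / `verify_hostnames` only under `openid_connect_idp`, so a flattened or mis-indented file changes what the plugin reads.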

Hello. Thanks for your response.

Is it not possible to make the connection unsecured so it will ignore the cert configuration?

You could use an insecure connection by disabling hostname verification (NOT recommended for a Production cluster) - or you can provide the CA cert (the one that signed the IdP certificate).

However, I’d first confirm your config.yml file is correctly formatted (proper indentation). You can upload your configuration as usual, by executing

./ -cd ../../../config/opensearch-security/ -icl -nhnv \
  -cacert ../../../config/root-ca.pem \
  -cert ../../../config/kirk.pem \
  -key ../../../config/kirk-key.pem

And then retrieve it (obtain a backup) also by executing

./ -backup my-backup-directory \
  -icl \
  -nhnv \
  -cacert ../../../config/root-ca.pem \
  -cert ../../../config/kirk.pem \
  -key ../../../config/kirk-key.pem

So that you can compare what was actually stored in the security index (what you’ll obtain in your backup) against what you initially uploaded. If there are any differences, please share the config you get in your backup.

@nardixcx Could you take a look at this thread?

Okta/OpenID(OIDC) authentication

Please verify the OKTA application configuration including the roles claim config and the redirect URL value.

Are you getting redirected to the OKTA login page?