Opensearch Dashboards Returning 500 when logout using Dex

Hello everyone,

We have our Opensearch installation in Kubernetes using helm chart. The security plugin is configured with OpenID connect using Dex. Here is security plugin cofig.yml file:

_meta:
    type: "config"
    config_version: 2
config:
  dynamic:
    kibana:
      # Kibana multitenancy
      multitenancy_enabled: true
      server_username: kibanaserver
      index: ".kibana"

    do_not_fail_on_forbidden: false

    http:
      anonymous_auth_enabled: false
      xff:
        enabled: false
    authc:
      basic_internal_auth_domain:
        http_enabled: true
        transport_enabled: true
        order: 0
        http_authenticator:
          type: basic
          challenge: false
        authentication_backend:
          type: internal
      openid_auth_domain:
        http_enabled: true
        transport_enabled: true
        order: 1
        http_authenticator:
          type: openid
          challenge: false
          config:
            subject_key: preferred_username
            roles_key: groups
            openid_connect_url: https://<dex-host>/.well-known/openid-configuration
        authentication_backend:
          type: noop

Opensearch Dashboards is configured with SSO as below:

server.host: "0.0.0.0"

opensearch.hosts: ["http://opensearch-cluster-master:9200"]

opensearch.username: ${OPENSEARCH_USERNAME}
opensearch.password: ${OPENSEARCH_PASSWORD}

opensearch.ssl.verificationMode: none
  
opensearch_security.auth.type: "openid"
opensearch_security.openid.connect_url: https://<dex-host>/.well-known/openid-configuration
opensearch_security.openid.client_id: opensearch
opensearch_security.openid.client_secret: "<client-secret>"
opensearch_security.openid.base_redirect_url: https://<opensearch-dashboards-base-url>/
opensearch_security.openid.scope: "openid profile groups"

opensearch.requestHeadersWhitelist: [ "Authorization", "securitytenant", "security_tenant"]



opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.enable_global: true
opensearch_security.multitenancy.tenants.enable_private: true
opensearch_security.multitenancy.tenants.preferred: ["Global", "Private"]
opensearch_security.multitenancy.enable_filter: false

opensearch_security.readonly_mode.roles: ["kibana_read_only"]

Login works fine, but when we try to logout from Opensearch Dashboards, the server returns 500 with this error message:

{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred."}

Looking at OS Dashboards logs we see these two log lines:

{"type":"log","@timestamp":"2022-05-11T19:51:47Z","tags":["error","http"],"pid":1,"message":"{ TypeError [ERR_INVALID_URL]: Invalid URL: undefined\n    at onParseError (internal/url.js:241:17)\n    at new URL (internal/url.js:319:5)\n    at composeLogoutUrl (/usr/share/opensearch-dashboards/plugins/securityDashboards/server/auth/types/openid/helper.ts:83:21)\n    at router.get (/usr/share/opensearch-dashboards/plugins/securityDashboards/server/auth/types/openid/routes.ts:199:31) input: 'undefined' }"}
{"type":"error","@timestamp":"2022-05-11T19:51:47Z","tags":[],"pid":1,"level":"error","error":{"message":"Internal Server Error","name":"Error","stack":"Error: Internal Server Error\n    at HapiResponseAdapter.toInternalError (/usr/share/opensearch-dashboards/src/core/server/http/router/response_adapter.js:82:19)\n    at Router.handle (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:177:34)"},"url":{"protocol":null,"slashes":null,"auth":null,"host":null,"port":null,"hostname":null,"hash":null,"search":null,"query":{},"pathname":"/auth/logout","path":"/auth/logout","href":"/auth/logout"},"message":"Internal Server Error"}

Anyone knows how to solve this?

Also I want to mention that we had the same configuration in OpenDistro (before we migrated to Opensearch) and it was working fine.