Hello everyone,
We have our Opensearch installation in Kubernetes using a Helm chart. The security plugin is configured with OpenID Connect using Dex. Here is the security plugin config.yml file:
```yaml
_meta:
  type: "config"
  config_version: 2
config:
  dynamic:
    kibana:
      # Kibana multitenancy
      multitenancy_enabled: true
      server_username: kibanaserver
      index: ".kibana"
    do_not_fail_on_forbidden: false
    http:
      anonymous_auth_enabled: false
      xff:
        enabled: false
    authc:
      basic_internal_auth_domain:
        http_enabled: true
        transport_enabled: true
        order: 0
        http_authenticator:
          type: basic
          challenge: false
        authentication_backend:
          type: internal
      openid_auth_domain:
        http_enabled: true
        transport_enabled: true
        order: 1
        http_authenticator:
          type: openid
          challenge: false
          config:
            subject_key: preferred_username
            roles_key: groups
            openid_connect_url: https://<dex-host>/.well-known/openid-configuration
        authentication_backend:
          type: noop
```
Opensearch Dashboards is configured with SSO as below:
```yaml
server.host: "0.0.0.0"
opensearch.hosts: ["http://opensearch-cluster-master:9200"]
opensearch.username: ${OPENSEARCH_USERNAME}
opensearch.password: ${OPENSEARCH_PASSWORD}
opensearch.ssl.verificationMode: none
opensearch_security.auth.type: "openid"
opensearch_security.openid.connect_url: https://<dex-host>/.well-known/openid-configuration
opensearch_security.openid.client_id: opensearch
opensearch_security.openid.client_secret: "<client-secret>"
opensearch_security.openid.base_redirect_url: https://<opensearch-dashboards-base-url>/
opensearch_security.openid.scope: "openid profile groups"
opensearch.requestHeadersWhitelist: [ "Authorization", "securitytenant", "security_tenant"]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.enable_global: true
opensearch_security.multitenancy.tenants.enable_private: true
opensearch_security.multitenancy.tenants.preferred: ["Global", "Private"]
opensearch_security.multitenancy.enable_filter: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
```
Login works fine, but when we try to logout from Opensearch Dashboards, the server returns 500 with this error message:
{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred."}
Looking at OS Dashboards logs we see these two log lines:
{"type":"log","@timestamp":"2022-05-11T19:51:47Z","tags":["error","http"],"pid":1,"message":"{ TypeError [ERR_INVALID_URL]: Invalid URL: undefined\n at onParseError (internal/url.js:241:17)\n at new URL (internal/url.js:319:5)\n at composeLogoutUrl (/usr/share/opensearch-dashboards/plugins/securityDashboards/server/auth/types/openid/helper.ts:83:21)\n at router.get (/usr/share/opensearch-dashboards/plugins/securityDashboards/server/auth/types/openid/routes.ts:199:31) input: 'undefined' }"}
{"type":"error","@timestamp":"2022-05-11T19:51:47Z","tags":[],"pid":1,"level":"error","error":{"message":"Internal Server Error","name":"Error","stack":"Error: Internal Server Error\n at HapiResponseAdapter.toInternalError (/usr/share/opensearch-dashboards/src/core/server/http/router/response_adapter.js:82:19)\n at Router.handle (/usr/share/opensearch-dashboards/src/core/server/http/router/router.js:177:34)"},"url":{"protocol":null,"slashes":null,"auth":null,"host":null,"port":null,"hostname":null,"hash":null,"search":null,"query":{},"pathname":"/auth/logout","path":"/auth/logout","href":"/auth/logout"},"message":"Internal Server Error"}
Does anyone know how to solve this?
Also, I want to mention that we had the same configuration in OpenDistro (before we migrated to Opensearch) and it was working fine.
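
An added diagnostic sketch, not part of the original post and not the plugin's code: the stack trace above ends in `new URL(undefined)` inside `composeLogoutUrl`, so this checks that a logout endpoint exists before a URL is built from it. It assumes the endpoint comes either from the discovery document's `end_session_endpoint` or from a separately configured logout URL; the function names, hostnames and sample documents are constructed for illustration.

```javascript
// Constructed discovery documents (sample data, not fetched from a real IdP).
const withEndSession = {
  issuer: 'https://idp.example.test',
  authorization_endpoint: 'https://idp.example.test/auth',
  end_session_endpoint: 'https://idp.example.test/logout',
};
const withoutEndSession = {
  issuer: 'https://idp.example.test',
  authorization_endpoint: 'https://idp.example.test/auth',
};

// Hypothetical helper: an explicitly configured logout URL wins, otherwise the
// IdP's advertised end_session_endpoint is used. Returns a result object
// instead of throwing, so a missing endpoint becomes a readable diagnosis.
function resolveLogoutUrl(discovery, configuredLogoutUrl, postLogoutRedirect) {
  const candidate = configuredLogoutUrl || discovery.end_session_endpoint;
  if (typeof candidate !== 'string' || candidate.length === 0) {
    return {
      ok: false,
      reason: 'no end_session_endpoint in discovery document and no logout URL configured',
    };
  }
  let url;
  try {
    url = new URL(candidate); // relative or malformed values throw here
  } catch (err) {
    return { ok: false, reason: `logout URL is not an absolute URL: ${candidate}` };
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') {
    return { ok: false, reason: `unexpected scheme ${url.protocol}` };
  }
  if (postLogoutRedirect) {
    // Standard OIDC RP-initiated logout parameter.
    url.searchParams.set('post_logout_redirect_uri', postLogoutRedirect);
  }
  return { ok: true, href: url.toString() };
}

// Reproduces the error code seen in the Dashboards log line.
function rawFailureCode() {
  try {
    new URL(undefined);
  } catch (err) {
    return err.code;
  }
  return null;
}
```

Running `resolveLogoutUrl` against the JSON served at the configured `openid_connect_url` shows whether the IdP advertises a logout endpoint; the Dashboards setting `opensearch_security.openid.logout_url` is the documented way to supply one when it does not.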