configuration:
opensearch-security/config.yml
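# OpenID Connect authentication domain for the OpenSearch Security plugin.
# The paste had lost its indentation; the nesting below restores it. In a
# complete config.yml this `authc` mapping sits under `config.dynamic`.
authc:
  openid_auth_domain:
    http_enabled: true
    # NOTE(review): OIDC tokens arrive on the REST layer; confirm that this
    # domain really needs to be enabled for the transport layer as well.
    transport_enabled: true
    order: 1
    http_authenticator:
      type: openid
      # No authentication challenge is sent by this domain.
      challenge: false
      config:
        # Token claim used as the user name.
        subject_key: preferred_username
        # Token claim mapped to backend roles. Whoever controls this claim at
        # the identity provider controls the privileges granted here, so
        # review the role mappings that reference these values.
        roles_key: roles
        # Value as posted (host appears redacted). It must be the absolute
        # HTTPS URL of the provider's discovery document: the token signing
        # keys are resolved from it, so fetch it over verified TLS only.
        openid_connect_url: url-.well-known/openid-configuration
    authentication_backend:
      # noop: the token is validated by the authenticator above; no separate
      # user store is consulted.
      type: noop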
opensearch_dashboards.yml
# Connection from OpenSearch Dashboards to the cluster.
# Host as posted; the scheme appears redacted. Use an https:// URL so the
# service credentials and forwarded tokens are not sent in clear text.
opensearch.hosts: [urllocalhost:9200]
# `none` turns off all certificate validation on the Dashboards -> OpenSearch
# connection, so an on-path host can impersonate the cluster and read the
# credentials and bearer tokens Dashboards forwards. Outside a throwaway lab,
# set `full` (or `certificate`) and point
# opensearch.ssl.certificateAuthorities at the cluster CA.
opensearch.ssl.verificationMode: none
# Left blank in the post; a bare `key:` parses as null. These are the service
# account Dashboards itself uses against the cluster. Keep the password out of
# version control, e.g. in the Dashboards keystore.
opensearch.username:
opensearch.password:
# Older name of opensearch.requestHeadersAllowlist; kept commented out.
#opensearch.requestHeadersWhitelist: [authorization, securitytenant, WWW-Authenticate]
# Multi-tenancy and the role that puts a user into read-only mode.
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: [Private, Global]
opensearch_security.readonly_mode.roles: [kibana_read_only]
# Use this setting if you are running opensearch-dashboards without https
# With `false` the session cookie is also sent over plain HTTP, where it can
# be captured and replayed. Set it to `true` as soon as TLS terminates in
# front of Dashboards (including at a reverse proxy).
opensearch_security.cookie.secure: false
#opensearch_security.auth.disableAnonymousAuth: true
#opensearch_security.auth.nonAuthenticatedRoutes: [/api/status]
#opensearch_security.auth.type: "openid"
# Two sign-in methods are offered on the login page. NOTE(review): basicauth
# also needs a matching basic-auth domain in the security plugin's config.yml;
# confirm one exists, and that password login is really wanted next to SSO
# (it stays exposed to password guessing).
opensearch_security.auth.type: ["basicauth","openid"]
opensearch_security.auth.multiple_auth_enabled: true
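# OpenID Connect client settings for the Dashboards security plugin.
# Value as posted (host appears redacted); it must be the absolute HTTPS URL
# of the identity provider's discovery document.
opensearch_security.openid.connect_url: "/.well-known/openid-configuration"
opensearch_security.openid.client_id: "opensearchname"
# Placeholder from the post. The client secret authenticates Dashboards to the
# identity provider: keep it out of version control (for example in the
# Dashboards keystore) and rotate it if it was ever committed or pasted.
opensearch_security.openid.client_secret: "xxxxxxxxxxxxxxxxxxxxxxxx"
#opensearch_security.openid.roles_key: "roles"
#opensearch_security.auth.oidc.ssl.verificationMode: none
#opensearch.ssl.verificationMode: none
opensearch_security.openid.scope: "openid profile email roles groups"
# NOTE(review): no scheme in the posted value; this is expected to be the
# full external URL of Dashboards (https://...). Confirm before use.
opensearch_security.openid.base_redirect_url: "opensearch.stage.domain.com"
# When true, the redirect URL is derived from forwarded host/proto request
# headers. Enable it only behind a reverse proxy that overwrites those
# headers; otherwise a client can influence where the login flow redirects.
opensearch_security.openid.trust_dynamic_headers: true
opensearch_security.openid.header: "Authorization"
# Cookie lifetime is given in milliseconds. The posted value "3600" is about
# 3.6 seconds; one hour (the apparent intent, and the plugin default) is
# 3600000, written as a number rather than a quoted string.
opensearch_security.cookie.ttl: 3600000
# `false` skips hostname verification of the identity provider's certificate,
# so any certificate the trust store accepts is taken for the provider. Leave
# this at `true` outside a lab and fix the certificate names instead.
opensearch_security.openid.verify_hostnames: false
#opensearch_security.openid.redirect_uri: "opensearch.stage.domain.com/*"
# Request headers that Dashboards passes through to OpenSearch.
opensearch.requestHeadersAllowlist: ["Authorization", "securitytenant", "WWW-Authenticate"]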