SAML ADFS Integration Issue with Multi-Node OpenSearch Cluster

Versions:
OpenSearch stack 2.10.0

Describe the issue:
Hi,

I’ve upgraded from a single-node OpenSearch cluster to a three-node setup. Initially, my cluster was integrated with SAML ADFS, and everything worked fine on the single node. After the upgrade, I can still authenticate successfully on the original node, but I encounter “Bad Request” errors when attempting to log in through the load balancer or directly accessing the host URLs of the other two nodes. There are no useful error messages in the OpenSearch logs to help diagnose the problem.

Has anyone faced a similar issue? How should I configure SAML ADFS for a multi-node OpenSearch cluster? FYI, the cluster is managed with Docker.

Thank you!

@datapal Please share opensearch_dashboards.yml and config.yml files.
There is no difference in terms of security plugin between single and multi-node clusters as they all use the same security configuration.

Where is the load balancer located? Is it before OpenSearch Dashboards or between OpenSearch nodes and OpenSearch Dashboards?

@pablo thanks for the response.

I found a solution. I was only using the securityadmin.sh script on the first node when it starts. Running it on all three nodes fixed the problem. I’m not sure if it’s the correct approach, but it works.

About the load balancer, it’s directing users to the OpenSearch dashboards. It’s the server that faces the public.
