Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
opensearch/opensearch CHART VERSION: 2.6.2 APP VERSION: 2.3.0
opensearch/opensearch-dashboards CHART VERSION: 2.5.3 APP VERSION: 2.3.0
Server OS:
cloud.linode.com: Kubernetes 1.23 (3 node configuration)
Browser:
Firefox: 106.0.4 (64-bit)
Chrome: 107.0.5304.88 (Official Build) (64-bit)
Describe the issue:
How do i configure these endpoints:
server.xsrf.allowlist: ["/_opendistro/_security/saml/acs/idpinitiated", "/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/logout"]
in opensearch_dashboards.yml using helm values.
Editing the file directly and restarting the opensearch-dashboards container will reset the edited
file.
And configuring it via helm values cause the container to crash with error and crash loops.
When running:
kubectl logs containerid
there are no logs.
Even If i am using a previous version of charts the file is edited with the relevant info but when redirected to “/_opendistro/_security/saml/acs” i am getting a 404 , page not found.
Thus why i believe the server.xsrf.allowlist isn’t enabled.
Configuration:
I am using the default chart values from:
And i have edited the config part with the following:
config:
opensearch_dashboards.yml: |
opensearch.hosts: [https://localhost:9200]
opensearch.ssl.verificationMode: none
opensearch.username: kibanaserver
opensearch.password: kibanaserver
opensearch.requestHeadersWhitelist: [authorization, securitytenant]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: [Private, Global]
opensearch_security.readonly_mode.roles: [kibana_read_only]
# Use this setting if you are running opensearch-dashboards without https
opensearch_security.cookie.secure: false
server.host: '0.0.0.0'
opendistro_security.auth.type: saml
server.xsrf.allowlist: ["/_plugins/_security/saml/acs","/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/logout","/_opendistro/_security/saml/acs/idpinitiated"]