config.yml
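---
# OpenSearch security plugin config.yml: two authentication domains,
# HTTP Basic against the internal user database and SAML single sign-on.
# Nesting restored; the pasted text had lost all indentation, which makes
# the keys collide at top level instead of forming the structure below.
_meta:
  type: "config"
  config_version: 2
config:
  dynamic:
    http:
      # Unauthenticated requests are not mapped to an anonymous user.
      anonymous_auth_enabled: false
    authc:
      basic_internal_auth_domain:
        description: "Authenticate via HTTP Basic against internal users database"
        http_enabled: true
        transport_enabled: true
        order: 0
        http_authenticator:
          type: basic
          # No Basic challenge is sent, so a request without credentials
          # falls through to the SAML domain (order 1), which does challenge.
          challenge: false
        authentication_backend:
          type: internal
      saml_auth_domain:
        order: 1
        description: "Azure AAD SAML provider"
        http_enabled: true
        transport_enabled: false
        http_authenticator:
          type: saml
          challenge: true
          config:
            idp:
              # IdP metadata carries the signing certificate used to validate
              # SAML responses; keep this file writable only by the
              # deployment, since whoever can replace it controls who can
              # log in.
              metadata_file: /usr/share/opensearch/config/metadata_file.xml
              entity_id: 'entity_id'
            sp:
              entity_id: entityid
              # Ask the IdP to re-authenticate the user even when an IdP
              # session already exists.
              forceAuthn: true
            kibana_url: https://ingress_url/opensearch
            # Secret used to sign the token handed to Dashboards after the
            # SAML exchange (value redacted in the post). Generate it
            # randomly, keep it out of version control, and rotate it if it
            # is ever shared in full.
            exchange_key: "1a2a3a4a.......1b......"
        # SAML assertions are verified by the authenticator above, so no
        # credential backend is consulted for this domain.
        authentication_backend:
          type: noop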
and
opensearch_dashboards.yml
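# OpenSearch Dashboards settings for SAML login behind the /opensearch path.
# Nesting restored from a paste that had lost its indentation; the enclosing
# key looks like a Helm-values style wrapper. Confirm against the chart used.
opensearch_dashboards.yml:
  server:
    basePath: "/opensearch"
    rewriteBasePath: true
    # Paths exempted from the XSRF header check so the IdP can POST to them.
    # Every entry is an endpoint that accepts cross-site requests; keep the
    # list to the routes the deployed version actually serves.
    xsrf.whitelist:
      - "/_plugins/_security/api/authtoken"
      - "/_opendistro/_security/api/authtoken"
      - "/_opendistro/_security/saml/acs/idpinitiated"
      - "/_opendistro/_security/saml/acs"
      - "/_opendistro/_security/saml/logout"
      - "/_plugins/_security/saml/acs/idpinitiated"
      - "/_plugins/_security/saml/acs"
      - "/_plugins/_security/saml/logout"
  opensearch:
    # Service account Dashboards uses against the cluster (placeholders in
    # the post). Supply real values from a secret store or keystore rather
    # than committing them, and give the account only the Dashboards server
    # role.
    username: "serverusername"
    password: "serverpassword"
    # Headers forwarded from the browser request to OpenSearch; the
    # Authorization header carries the user's token after SAML login.
    requestHeadersWhitelist: ["securitytenant", "Authorization"]
    ssl:
      # NOTE(review): "none" turns off certificate and hostname validation
      # on the Dashboards -> OpenSearch connection, which carries the
      # service credentials above and every user's Authorization header.
      # Prefer "full" (or "certificate") with
      # opensearch.ssl.certificateAuthorities pointing at the cluster CA.
      verificationMode: none
  opensearch_security:
    multitenancy.enabled: true
    multitenancy.tenants.enable_global: true
    multitenancy.tenants.enable_private: true
    multitenancy.tenants.preferred: ["Private", "Global"]
    multitenancy.enable_filter: false
    auth.type: "saml"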