Hi
I’m hoping to use Google Workspace for SAML authentication with a private managed OpenSearch 2.17 on an AWS VPC. If I use a VPN to connect to the VPC, this works fine when I initiate the flow from the IdP and I can access the OpenSearch Dashboard.
I would now like to create an NGINX EC2 instance to reverse proxy to OpenSearch. So I have the IdP, AWS ALB, NGINX EC2 and OpenSearch. The errors I’m getting back are:
Error while validating SAML response in _PATH_
and
The response was received at _PATH_ instead of _PATH_
AWS have a troubleshooting page which details this error as:
“The destination field in SAML response doesn’t match one of the following URL formats:
- <DashboardsURL>/_opendistro/_security/saml/acs
- <DashboardsURL>/_opendistro/_security/saml/acs/idpinitiated
Depending on the login flow you use (SP-initiated or IdP-initiated), enter in a destination field that matches one of the OpenSearch URLs.”
The domain to access the ALB is different from the one to access the dashboard directly when on the VPN. Would that be the problem here or am I doing something completely unsupported?
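The AWS text quoted above says the `Destination` attribute of the SAML response has to equal one of the two ACS URL forms built from the Dashboards URL. The following is an added diagnostic, not code from the original post or from OpenSearch/AWS: it base64-decodes a `SAMLResponse` value (as posted by the IdP to the ACS endpoint), reads its `Destination`, and reports which component (scheme, host or path) differs from the expected ACS URLs. The hostnames `dashboards.example.internal` and `alb.example.com` and the sample response it builds are constructed placeholders, not values from the post.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Namespace of the top-level samlp:Response element (SAML 2.0 core).
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

# The two ACS URL forms quoted from the AWS troubleshooting page,
# relative to the Dashboards URL (SP-initiated and IdP-initiated flows).
ACS_SUFFIXES = (
    "/_opendistro/_security/saml/acs",
    "/_opendistro/_security/saml/acs/idpinitiated",
)


def expected_acs_urls(dashboards_url):
    """Return the ACS URLs OpenSearch Dashboards will accept for this base URL."""
    base = dashboards_url.rstrip("/")
    return [base + suffix for suffix in ACS_SUFFIXES]


def extract_destination(saml_response_b64):
    """Decode a SAMLResponse form value and return its Destination attribute."""
    xml_bytes = base64.b64decode(saml_response_b64)
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}Response" % SAMLP_NS:
        raise ValueError("not a samlp:Response element: %s" % root.tag)
    return root.get("Destination")


def check_destination(saml_response_b64, dashboards_url):
    """Compare the response's Destination with the accepted ACS URLs.

    Returns (ok, message). On mismatch the message names the differing
    URL component, which is what the 'received at X instead of Y'
    error from the post is complaining about.
    """
    dest = extract_destination(saml_response_b64)
    allowed = expected_acs_urls(dashboards_url)
    if dest is None:
        return False, "Response has no Destination attribute"
    if dest in allowed:
        return True, "Destination %s matches an accepted ACS URL" % dest

    got = urlparse(dest)
    want = urlparse(allowed[0])
    hints = []
    if got.scheme != want.scheme:
        hints.append("scheme %r != %r" % (got.scheme, want.scheme))
    if got.netloc != want.netloc:
        hints.append("host %r != %r" % (got.netloc, want.netloc))
    if got.path not in [urlparse(u).path for u in allowed]:
        hints.append("path %r is not an ACS path" % got.path)
    return False, "received at %s instead of one of %s (%s)" % (
        dest, allowed, "; ".join(hints) or "unknown difference")


def make_sample_response(destination):
    """Constructed minimal samlp:Response for offline testing.

    This is a placeholder, not a real IdP artifact: it carries no
    assertion or signature, only the attributes the check inspects.
    """
    xml = ('<samlp:Response xmlns:samlp="%s" ID="_constructed" Version="2.0" '
           'IssueInstant="2024-01-01T00:00:00Z" Destination="%s"/>'
           % (SAMLP_NS, destination))
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")


if __name__ == "__main__":
    # Hypothetical Dashboards URL reached directly over the VPN.
    direct = "https://dashboards.example.internal"
    # Same ACS path, but with the (hypothetical) ALB hostname the IdP was given.
    via_alb = "https://alb.example.com/_opendistro/_security/saml/acs/idpinitiated"
    print(check_destination(make_sample_response(direct + ACS_SUFFIXES[1]), direct))
    print(check_destination(make_sample_response(via_alb), direct))
```

Run it against the real `SAMLResponse` value captured from the browser's POST to the ACS endpoint (decoded only, it is not signature-verified here) and the Dashboards URL the domain reports; if the only hint is a host difference, the IdP is sending the response to a different hostname than the one Dashboards considers its own.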