Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
2.3.0
Describe the issue:
Unable to configure SAML using the IdP metadata file. The dashboard page does not load after configuring SSO.
Configuration:
saml_auth_domain:
  description: "SAML Auth"
  http_enabled: true
  transport_enabled: false
  order: 7
  http_authenticator:
    type: saml
    challenge: true
    config:
      idp:
        metadata_file: /etc/opensearch/idp-elk-r2.xml
  authentication_backend:
    type: "noop"
Relevant Logs or Screenshots:
pablo
November 11, 2022, 7:56am
2
@dmallick19 How was the OpenSearch cluster deployed?
Hi Pablo,
Cluster is deployed on VM using rpm packages.
Thanks,
Debashis
pablo
November 14, 2022, 2:40pm
4
@dmallick19 Could you also share opensearch_dashboards.yml?
Are you redirected to the login screen of your SAML IdP or just OpenSearch Dashboards UI?
Did you get any errors during the OpenSearch startup?
Hi @pablo,
It is not redirecting to my SAML login, and startup is showing unauthorized.
Hi @pablo,
Below is my current config from both the opensearch and opensearch-dashboards .yml files.
saml_auth_domain:
  description: "SAML Auth"
  http_enabled: true
  transport_enabled: false
  order: 7
  http_authenticator:
    type: saml
    challenge: true
    config:
      idp:
        enable_ssl: true
        verify_hostnames: true
        metadata_file: /etc/opensearch/idp-elk-r2.xml
        entity_id: Dell.SAML2.0
      sp:
        entity_id: Dell.SAML2.0
        #forceAuthn: true
      kibana_url: https://elk-r2.dell.com/
      subject_key: UserID
      roles_key: Role
  authentication_backend:
    type: "noop"

opensearch_security.auth.type: "saml"
server.xsrf.whitelist: [/_plugins/_security/saml/acs, /_opendistro/_security/saml/acs, /_plugins/_security/saml/acs/idpinitiated, /_opendistro/_security/saml/acs/idpinitiated, /_plugins/_security/saml/logout, /_opendistro/_security/saml/logout]
================================
pablo
November 15, 2022, 1:49pm
7
@dmallick19 What is your SAML IDP?
pablo
November 15, 2022, 2:11pm
8
@dmallick19 Please turn on DEBUG or TRACE for the SAML token and verify that subject_key and roles_key match the values configured in config.yml.
I don't see exchange_key in your config. Please follow the documentation and add it to your config.yml.
Please be aware that exchange_key must be no less than 32 characters.
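For reference, here is the SAML domain from this thread with the missing exchange_key added, alongside the Dashboards settings already posted above. This is an added illustration, not the poster's final configuration or the project's own sample; the exchange_key value is a placeholder and must be replaced with a random secret of at least 32 characters, and the entity IDs, hostname and metadata path are simply the ones that appear in the thread.

```yaml
# config.yml (security plugin), added example based on the thread's configuration
saml_auth_domain:
  description: "SAML Auth"
  http_enabled: true
  transport_enabled: false
  order: 7
  http_authenticator:
    type: saml
    challenge: true
    config:
      idp:
        enable_ssl: true
        verify_hostnames: true
        metadata_file: /etc/opensearch/idp-elk-r2.xml
        # must match the entityID attribute inside the IdP metadata file
        entity_id: Dell.SAML2.0
      sp:
        # the entity ID the IdP knows this SP by
        entity_id: Dell.SAML2.0
      kibana_url: https://elk-r2.dell.com/
      # attribute names must match what the IdP puts in the SAML assertion
      subject_key: UserID
      roles_key: Role
      # placeholder: replace with a random secret of at least 32 characters
      exchange_key: "REPLACE_WITH_RANDOM_SECRET_OF_AT_LEAST_32_CHARS"
  authentication_backend:
    type: "noop"

# opensearch_dashboards.yml, as posted in the thread
opensearch_security.auth.type: "saml"
server.xsrf.whitelist: [/_plugins/_security/saml/acs, /_opendistro/_security/saml/acs, /_plugins/_security/saml/acs/idpinitiated, /_opendistro/_security/saml/acs/idpinitiated, /_plugins/_security/saml/logout, /_opendistro/_security/saml/logout]
```

The exchange_key is used by the security plugin to sign the JWT it issues to Dashboards after a successful SAML login, which is why a short or missing value breaks the flow. After editing config.yml, the security configuration has to be reloaded into the cluster (for example with the securityadmin tool) before the change takes effect; and, as pablo suggests, DEBUG or TRACE logging for the SAML token is the quickest way to confirm that the attribute names behind subject_key and roles_key really match what the IdP sends.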