Unable to configure SAML using idp file

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
2.3.0

Describe the issue:
Unable to configure SAML using an IdP metadata file. The Dashboards page does not load after configuring SSO.

Configuration:

saml_auth_domain:
  description: "SAML Auth"
  http_enabled: true
  transport_enabled: false
  order: 7
  http_authenticator:
    type: saml
    challenge: true
    config:
      idp:
        metadata_file: /etc/opensearch/idp-elk-r2.xml
  authentication_backend:
    type: "noop"

Relevant Logs or Screenshots:

@dmallick19 How was the OpenSearch cluster deployed?

Hi Pablo,

Cluster is deployed on VM using rpm packages.

Thanks,
Debashis

@dmallick19 Could you also share opensearch_dashboards.yml?
Are you redirected to the login screen of your SAML IdP or just OpenSearch Dashboards UI?

Did you get any errors during the OpenSearch startup?

Hi @pablo,

It is not redirecting to my SAML login, and startup shows unauthorized.

Hi @pablo,
Below is my current config from both the opensearch security config and the opensearch_dashboards.yml file.

saml_auth_domain:
  description: "SAML Auth"
  http_enabled: true
  transport_enabled: false
  order: 7
  http_authenticator:
    type: saml
    challenge: true
    config:
      idp:
        enable_ssl: true
        verify_hostnames: true
        metadata_file: /etc/opensearch/idp-elk-r2.xml
        entity_id: Dell.SAML2.0
      sp:
        entity_id: Dell.SAML2.0
        #forceAuthn: true
      kibana_url: https://elk-r2.dell.com/
      subject_key: UserID
      roles_key: Role
  authentication_backend:
    type: "noop"

opensearch_security.auth.type: "saml"
server.xsrf.whitelist: [/_plugins/_security/saml/acs, /_opendistro/_security/saml/acs, /_plugins/_security/saml/acs/idpinitiated, /_opendistro/_security/saml/acs/idpinitiated, /_plugins/_security/saml/logout, /_opendistro/_security/saml/logout]

================================

@dmallick19 What is your SAML IDP?

@dmallick19 Please turn on DEBUG or TRACE for the SAML token and verify that subject_key and roles_key match the values configured in config.yml.

I don’t see exchange_key in your config. Please follow the documentation and add it to your config.yml.
Please be aware that exchange_key must be no less than 32 characters.

https://pf.us.dell.com/idp/SSO.saml2
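A small pre-flight checker for the points raised in this thread: exchange_key present and at least 32 characters, idp.entity_id actually present in the metadata file, curly quotes that a copy/paste from a document turns into part of a value, and the Dashboards server.xsrf.whitelist covering the SAML endpoints. This is an added example, not code from the thread or from the OpenSearch project. The metadata document, its entityID and the replacement exchange_key are constructed stand-ins (the thread never shows the real idp-elk-r2.xml), and the posted config is modelled as a Python dict rather than parsed from config.yml, so it runs with the standard library only.

```python
import copy
import xml.etree.ElementTree as ET

SAML_MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
EXCHANGE_KEY_MIN_LEN = 32  # the plugin signs its token with HMAC-SHA256; docs require >= 32 chars
CURLY_QUOTES = "\u201c\u201d\u2018\u2019"
REQUIRED_XSRF_PATHS = (
    "/_plugins/_security/saml/acs",
    "/_plugins/_security/saml/acs/idpinitiated",
    "/_plugins/_security/saml/logout",
)

# Constructed stand-in for /etc/opensearch/idp-elk-r2.xml; entityID and endpoint are assumptions.
SAMPLE_IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://idp.example.com/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                            Location="https://idp.example.com/idp/SSO.saml2"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

# The saml_auth_domain block as posted in the thread, including the curly quotes the forum
# rendered and without exchange_key.
POSTED_DOMAIN = {
    "description": "\u201cSAML Auth\u201d",
    "http_enabled": True,
    "transport_enabled": False,
    "order": 7,
    "http_authenticator": {
        "type": "saml",
        "challenge": True,
        "config": {
            "idp": {"enable_ssl": True, "verify_hostnames": True,
                    "metadata_file": "/etc/opensearch/idp-elk-r2.xml",
                    "entity_id": "Dell.SAML2.0"},
            "sp": {"entity_id": "Dell.SAML2.0"},
            "kibana_url": "https://elk-r2.dell.com/",
            "subject_key": "UserID",
            "roles_key": "Role",
        },
    },
    "authentication_backend": {"type": "\u201cnoop\u201d"},
}

POSTED_XSRF_WHITELIST = [
    "/_plugins/_security/saml/acs", "/_opendistro/_security/saml/acs",
    "/_plugins/_security/saml/acs/idpinitiated", "/_opendistro/_security/saml/acs/idpinitiated",
    "/_plugins/_security/saml/logout", "/_opendistro/_security/saml/logout",
]


def metadata_entity_ids(xml_text):
    """Every entityID declared in a SAML metadata document (single or aggregated)."""
    root = ET.fromstring(xml_text)
    tag = "{%s}EntityDescriptor" % SAML_MD_NS
    return [ed.get("entityID") for ed in root.iter(tag) if ed.get("entityID")]


def string_values(node, path=""):
    """Yield (dotted.path, value) for every string leaf of a nested config."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from string_values(v, f"{path}.{k}" if path else k)
    elif isinstance(node, str):
        yield path, node


def check_saml_domain(domain, metadata_xml, xsrf_whitelist):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    cfg = domain["http_authenticator"]["config"]

    # 1. exchange_key: missing or short keys break the token the plugin issues after the ACS step.
    key = cfg.get("exchange_key")
    if key is None:
        findings.append("exchange_key missing")
    elif len(key) < EXCHANGE_KEY_MIN_LEN:
        findings.append(f"exchange_key too short: {len(key)} < {EXCHANGE_KEY_MIN_LEN} chars")

    # 2. idp.entity_id is looked up in the metadata file; no match means no IdP to redirect to.
    ids = metadata_entity_ids(metadata_xml)
    idp_id = cfg.get("idp", {}).get("entity_id")
    if idp_id not in ids:
        findings.append(f"idp.entity_id {idp_id!r} not found in metadata (have {ids})")

    # 3. Curly quotes become part of the value, so "noop" with curly quotes is not the noop backend.
    for path, value in string_values(domain):
        if any(c in CURLY_QUOTES for c in value):
            findings.append(f"curly quotes in {path}: {value!r}")

    # 4. Dashboards must exempt the ACS and logout endpoints from its XSRF protection.
    for p in REQUIRED_XSRF_PATHS:
        if p not in xsrf_whitelist:
            findings.append(f"server.xsrf.whitelist lacks {p}")
    return findings


def fixed_domain():
    """The posted config with the findings corrected; the new values are assumptions."""
    d = copy.deepcopy(POSTED_DOMAIN)
    d["description"] = "SAML Auth"
    d["authentication_backend"]["type"] = "noop"
    cfg = d["http_authenticator"]["config"]
    cfg["idp"]["entity_id"] = "https://idp.example.com/idp"  # must equal the metadata entityID
    cfg["exchange_key"] = "replace-with-32-plus-random-characters!!"  # 40 chars; use a random key in practice
    return d


if __name__ == "__main__":
    for f in check_saml_domain(POSTED_DOMAIN, SAMPLE_IDP_METADATA, POSTED_XSRF_WHITELIST):
        print("FINDING:", f)
    print("fixed config:", check_saml_domain(fixed_domain(), SAMPLE_IDP_METADATA, POSTED_XSRF_WHITELIST))
```

Run against the posted block it reports the missing exchange_key, the entity ID that is absent from the (constructed) metadata, and the two curly-quoted values; the posted xsrf whitelist already passes. To use it on a real deployment, load the domain from config.yml with a YAML parser and read the metadata file from disk instead of the embedded sample.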