Where can I get exchange_key for SAML configuration in opensearch?


I have installed opensearch on docker containers using docker-compose file and trying to setup SAML SSO using PingIdentity.

There is one parameter required for SAML SSO in opensearch, which is exchange_key. I don’t know what this exchange_key is and where can I get this key?

Is it needs to be generated on IdP side or I can generate it using online HMAC tool(Free Online HMAC Generator / Checker Tool (MD5, SHA-256, SHA-512) - FreeFormatter.com). Does this key has some relation with IdP ? If yes, how to map it with IdP

Could you please help me here?


Hello @ravis85

As per documentation, the exchange_key is used to sign tokens by the security plugin. It should have at least 32 characters and is set only on the security plugin side.

1 Like

Hi @pablo

Thanks for your reply.

So I can create the exchange_key using HMAC algorithm and use that key in config.yml file for SAML setup and it should work?

@ravis85 That’s correct.