Comments (4)
@hagaram thanks for opening.
@opensearch-project/admin please re-direct this to security dashboards plugin.
from security-dashboards-plugin.
[Triage] @hagaram can you provide some more information about your setup? Are you using basepath with opensearch dashboards? There was a recent fix for dashboards with base path, but it will be released in 2.15: #1899.
from security-dashboards-plugin.
Thank you very much for replying @derek-ho . Sure!
This is opensearch security plugins config:
_meta:
type: "config"
config_version: 2
config:
dynamic:
# Set filtered_alias_mode to 'disallow' to forbid more than 2 filtered aliases per index
# Set filtered_alias_mode to 'warn' to allow more than 2 filtered aliases per index but warns about it (default)
# Set filtered_alias_mode to 'nowarn' to allow more than 2 filtered aliases per index silently
#filtered_alias_mode: warn
#do_not_fail_on_forbidden: false
#kibana:
# Kibana multitenancy
#multitenancy_enabled: true
#server_username: kibanaserver
#index: '.kibana'
# OpenID settings
http:
anonymous_auth_enabled: false
xff:
enabled: false
internalProxies: ".*"
remoteIpHeader: "x-forwarded-for"
authc:
# In order for Dashboards to access OpenSearch, you must first use
# authentication_backend.type: internal
basic_internal_auth_domain:
description: "Authenticate via HTTP Basic against internal users database"
http_enabled: true
transport_enabled: false
order: 0
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: internal
openid_auth_domain:
description: "Authenticate via Keycloak"
http_enabled: true
transport_enabled: true
order: 1
http_authenticator:
type: openid
challenge: false
config:
enable_ssl: true
verify_hostnames: true
subject_key: preferred_username
roles_key: roles
openid_connect_url: https://XXXXXX.XXXXX.XXXXX/realms/XXXXXX/.well-known/openid-configuration
kibana_url: https://XXXXX.XXXXXX.XXXX
authentication_backend:
type: noop
authz: {}
OSE dashboard config
server.port: 5601
server.host: "0.0.0.0"
opensearch.hosts: ["https://XXXXX.XXXXXX.XXXX:9200","https://XXXX.XXXX.XXXX:9200","https://XXXXX.XXX.XXXXX:9200"]
opensearch.username: "XXXXXXX"
opensearch.password: "XXXXXXXX"
opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
opensearch.ssl.verificationMode: "full"
*****
opensearch_security.cookie.secure: true
# OpenID settings
opensearch_security.auth.type: ["basicauth","openid"]
opensearch_security.auth.multiple_auth_enabled: true
opensearch_security.openid.base_redirect_url: "https://XXXX.XXXX.XXX"
opensearch_security.openid.client_id: "XXXX.XXXX.XXXX"
opensearch_security.openid.scope: "openid profile email"
opensearch_security.openid.client_secret: "XXXXXXXXX"
opensearch_security.openid.connect_url: "https://XXXXX.XXXX.XXXX/realms/XXXX/.well-known/openid-configuration"
opensearch_security.openid.verify_hostnames: true
opensearch_security.cookie.ttl: 86400000
opensearch_security.session.ttl: 86400000
opensearch_security.session.keepalive: true
opensearch_security.ui.openid.login.buttonname: Sign in with XXXXXXX ID
opensearch.requestTimeout: 1200000
opensearch_security.openid.refresh_tokens: true
from security-dashboards-plugin.
Hello, I have been struggling with this same issue, and believe to have found the issue.
The ResponseType/ResponseMode seems to be set as "fragment", after reading this comment: keycloak/keycloak#26405 (comment)
It would seem that setting it to "query" would fix the issue.
I have also had success in replacing the # after "data-explorer%2Fdiscover" with %23 https://opensearchlink/app/login?nextUrl=%2Fapp%2Fdata-explorer%2Fdiscover%23?_a=(discover:(columns:!(_source),isDirty:!f,sort:!()),metadata:(indexPattern:logpattern,view:discover))&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-15m,to:now))&_q=(filters:!(),query:(language:kuery,query:%27%27))
from security-dashboards-plugin.
Related Issues (20)
- [RELEASE] Release version 2.16.0 HOT 2
- [Enhancement] Remove service account code in main HOT 2
- [FEATURE] Deprecate/remove aggregation view HOT 1
- [FEATURE] Support JDK 21 for main branch HOT 1
- [BUG] Remove AOSS data sources from the data source picker HOT 1
- [AUTOCUT] Integration Test failed for securityDashboards: 2.15.0 HOT 6
- [BUG] Missing OIDC refresh token calls in case of expired id token HOT 1
- [RELEASE] Release version 2.15.0 HOT 2
- [BUG] Tenant is defaulting incorrectly based on the ordering of: opensearch_security.multitenancy.tenants.preferred HOT 4
- [FEATURE] Security Plugin Navigation Changes HOT 1
- [BUG] Session expiration and keepalive settings ignored HOT 2
- [BUG] Missing background refresh of OIDC access_token (for /app/dashboards) HOT 1
- [AUTOCUT] Integration Test failed for securityDashboards: 1.3.18 HOT 2
- Read-only user doesn't see Discover menu HOT 4
- [AUTOCUT] Distribution Build Failed for securityDashboards-2.16.0 HOT 2
- [BUG] Build.sh script failure HOT 2
- [BUG] Creating index_pattern via API/Curl for global tenant doesn't work HOT 3
- [FEATURE] Create a E2E for OIDC IdP behind a proxy HOT 1
- [FEATURE] Retry Bootstrap Step for OSD HOT 1
- [AUTOCUT] Integration Test failed for securityDashboards: 2.16.0
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from security-dashboards-plugin.