Comments (2)
[Triage] Hi @hagaram, thanks for filing this issue. @derek-ho has taken a look at a similar issue in the past, so will check into this use case and see if that is something we are able to support.
from security-dashboards-plugin.
@scrawfor99 @derek-ho Thank you very much for taking a look at this.
If it helps anything, here is OSD config.
```
server.port: 5601
server.host: "0.0.0.0"
opensearch.hosts: ["https://xxxx.XXXXXXXX:9200","https://xxx.XXXXXXXX:9200","https://xxx.XXXXXXXX:9200"]
opensearch.username: "XXXXXXXXXX"
opensearch.password: "XXXXXXXXXX"
opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
opensearch_security.multitenancy.enabled: false
# opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
opensearch_security.multitenancy.tenants.enable_global: true
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
opensearch.ssl.verificationMode: "full"
opensearch.ssl.certificate: "/usr/share/opensearch-dashboards/config/esnode.pem"
opensearch.ssl.key: "/usr/share/opensearch-dashboards/config/esnode-key.pem"
opensearch.ssl.certificateAuthorities: [ "/usr/share/opensearch-dashboards/config/root-ca.pem" ]
server.ssl.enabled: true
server.ssl.certificate: /usr/share/opensearch-dashboards/config/rest-esnode.pem
server.ssl.key: /usr/share/opensearch-dashboards/config/rest-esnode-key.pem
server.ssl.certificateAuthorities: [ "/usr/share/opensearch-dashboards/config/rest-root-ca.pem" ]
opensearch_security.cookie.secure: true
# OpenID settings -> IDP used is Keycloak
opensearch_security.auth.type: ["basicauth","openid"]
opensearch_security.auth.multiple_auth_enabled: true
opensearch_security.openid.base_redirect_url: "https://xXXXXXX.XXXXXXXX"
opensearch_security.openid.client_id: "XXXXXXX.XXXXXXXX"
opensearch_security.openid.scope: "openid profile email"
opensearch_security.openid.client_secret: "XXXXXXXXX"
opensearch_security.openid.connect_url: "https://XXXXX.XXXXXX.XXXXX/realms/XXXXXX/.well-known/openid-configuration"
opensearch_security.openid.verify_hostnames: true
opensearch_security.cookie.ttl: 86400000
opensearch_security.session.ttl: 86400000
# I've tried to change the below two settings to true/false - no effect regarding this issue
#opensearch_security.session.keepalive: false
#opensearch_security.openid.refresh_tokens: true
opensearch_security.ui.openid.login.buttonname: "Sign in with XXXXXX ID"
```
And here is security plugins config
```
_meta:
  type: "config"
  config_version: 2
config:
  dynamic:
    http:
      anonymous_auth_enabled: false
      xff:
        enabled: false
        internalProxies: ".*"
        remoteIpHeader: "x-forwarded-for"
    authc:
      basic_internal_auth_domain:
        description: "Authenticate via HTTP Basic against internal users database"
        http_enabled: true
        transport_enabled: false
        order: 0
        http_authenticator:
          type: basic
          challenge: false
        authentication_backend:
          type: internal
      openid_auth_domain:
        description: "Authenticate via Keycloak"
        http_enabled: true
        transport_enabled: true
        order: 1
        http_authenticator:
          type: openid
          challenge: false
          config:
            enable_ssl: true
            verify_hostnames: true
            subject_key: preferred_username
            roles_key: roles
            openid_connect_url: https://XXXXXX.XXXXX.XXXXX/realms/XXXXXX/.well-known/openid-configuration
            kibana_url: https://XXXXX.XXXXX.XXXXX
        authentication_backend:
          type: noop
    authz: {}
```