I am using the elasticsearch-oss 7.0.1 rpm and have installed the opendistro_security (18.104.22.168) standalone plugin.
I am trying to authenticate access to elasticsearch via keycloak by enabling openid authentication.
Authentication is failing with the error:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The keycloak server is configured with a self-signed certificate and I have added this certificate to the Java truststore where elasticsearch is running. I have also configured this certificate in the pemtrustedcas_filepath parameter as shown below.
Attaching the relevant section of the config file.
    basic_internal_auth_domain:
      description: "Authenticate via HTTP Basic against internal users database"
      http_enabled: true
      transport_enabled: true
      order: 0
      http_authenticator:
        type: basic
        challenge: false
      authentication_backend:
        type: intern
    openid_auth_domain:
      http_enabled: true
      order: 1
      http_authenticator:
        type: openid
        challenge: false
        config:
          subject_key: preferred_username
          roles_key: roles
          openid_connect_url: https://<keycloak-server>/auth/realms/elk/.well-known/openid-configuration
          pemtrustedcas_filepath: /home/tls.pem
      authentication_backend:
        type: noop
Can you please look into this and help me resolve this error?
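
A check one could run against the configuration above, as an added example that is not part of the original post or the plugin's code. It assumes, per the Open Distro Security documentation, that the OpenID TLS trust keys are read from `openid_connect_idp` inside the authenticator's `config`; the function name `lint_openid_tls` and the dict form of the config are hypothetical.

```python
# Added example (not from the original post): lint the authc section of an
# Open Distro Security config, already parsed into a dict, for OpenID TLS
# trust settings that are misplaced or unusable.
import os

# Assumption: per the plugin documentation these keys belong under
# http_authenticator.config.openid_connect_idp, not directly under config.
IDP_TLS_KEYS = {"enable_ssl", "verify_hostnames",
                "pemtrustedcas_filepath", "pemtrustedcas_content"}

def lint_openid_tls(authc, check_files=False):
    """Return sorted (domain, finding) tuples for every openid auth domain."""
    findings = []
    for name, domain in authc.items():
        authn = domain.get("http_authenticator") or {}
        if authn.get("type") != "openid":
            continue
        cfg = authn.get("config") or {}
        idp = cfg.get("openid_connect_idp") or {}
        for key in cfg.keys() & IDP_TLS_KEYS:
            findings.append((name, f"{key} set under config, expected under openid_connect_idp"))
        pem = idp.get("pemtrustedcas_filepath")
        if pem and idp.get("enable_ssl") is not True:
            findings.append((name, "pemtrustedcas_filepath set but enable_ssl is not true"))
        # Run with check_files=True as the user the Elasticsearch process runs as.
        if pem and check_files and not os.access(pem, os.R_OK):
            findings.append((name, f"{pem} is not readable by the current user"))
    return sorted(findings)

# Constructed from the config in the post.
POSTED = {
    "basic_internal_auth_domain": {
        "http_authenticator": {"type": "basic", "challenge": False},
        "authentication_backend": {"type": "intern"}},
    "openid_auth_domain": {
        "http_authenticator": {"type": "openid", "challenge": False, "config": {
            "subject_key": "preferred_username", "roles_key": "roles",
            "openid_connect_url": "https://<keycloak-server>/auth/realms/elk/.well-known/openid-configuration",
            "pemtrustedcas_filepath": "/home/tls.pem"}},
        "authentication_backend": {"type": "noop"}},
}

if __name__ == "__main__":
    for domain, finding in lint_openid_tls(POSTED):
        print(f"{domain}: {finding}")
```

With `check_files=True` the readability test only means something when the script runs as the same OS user as the Elasticsearch process.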