I have been trying for days to set up an OpenId opendistro stack together with a keycloak server in a docker-compose. After the login with keycloak is completed, I get a kibana opendistro screen with the message:
Authentication failed - please provide a new token.
This occurs with version 1.9 and earlier of opendistro. With versions 1.10 and 1.11 the observed behavior is an endless loop between keycloak and kibana in the browser, not ending in any kibana screen. I do not get much useful information from the logs. I do manage to run an OpenId opendistro stack directly installed on my physical debian system.
I would be more than interested in exchanging with others on this topic. I especially have two questions. First, is someone able to provide an example of a docker-compose configuration for OpenId with opendistro, or some parts of such a configuration. Second, is it required to create users with some specific roles in Elasticsearch (for instance using the opendistro security REST API) and the same users in Keycloak ? It would be very useful for me to get details on this part too.