Opensearch and OpenID (Azure) issue

@Anthony thanks for your support!
@sastorsl I’m running OS and OSDashboards with Docker. Do I need to apply changes to securityadmin.sh?
I did change the configuration like yours, but still got the error :(

@JackBlack Yes indeed, you need to apply the config. Have to admit I tripped on this as well, for an extreme amount of reconfiguration attempts.

Double check the openid_connect_url
Also double check the secret key in OpenSearch Dashboards.

I’m on Kubernetes and ended up defining it in a k8s “secret” as an environment variable, referencing the environment in my properties file.

Next thing is to double check that you get the proper “claims” from Azure.
You need API permissions on “openid”, “profile”, “User.Read”. I also have “email” and “GroupMember.Read”.

Under token configuration I have “email”, “groups”, “preferred_username”. You can have “upn” but that has been deprecated in the later Azure versions.

In Azure you will also need to configure the correct redirect URL as a “Web” application.
https://your-openshift-dashboards-url/auth/openid/login

Save in Azure.
Check and restart OpenSearch Dashboards.
Apply any config changes to the security module in OpenSearch (see my last post).
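
Added example, not part of the original posts: a Python helper for the "double check the claims" step above, reporting which of the listed token-configuration claims are absent from an ID token. It decodes the payload without verifying the signature, so it is for debugging only; the function names and sample tokens are constructed for illustration.

```python
import base64
import json

# Claims the post lists under Azure "Token configuration".
EXPECTED_CLAIMS = ("email", "groups", "preferred_username")


def decode_payload(token):
    """Decode a JWT payload WITHOUT verifying the signature (debugging only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))


def check_claims(token, expected=EXPECTED_CLAIMS):
    """Report expected claims that are absent, plus notes on the groups claim."""
    claims = decode_payload(token)
    report = {"missing": [c for c in expected if c not in claims], "notes": []}
    groups = claims.get("groups")
    if groups is not None and not isinstance(groups, list):
        report["notes"].append("groups is not a list")
    # Azure AD group overage: for users in many groups the token carries a
    # _claim_names pointer instead of an inline groups list.
    if "groups" in claims.get("_claim_names", {}):
        report["notes"].append("group overage: groups not inline in the token")
    return report


def make_sample_token(payload):
    """Build an unsigned, constructed token for the demo below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(payload), "sig"])


# Constructed sample payloads, not real Azure tokens.
USER = {"email": "a@example.com", "preferred_username": "a@example.com"}
GOOD = make_sample_token({**USER, "groups": ["00000000-0000-0000-0000-000000000001"]})
OVERAGE = make_sample_token({**USER, "_claim_names": {"groups": "src1"}})
BARE = make_sample_token({"sub": "constructed-subject"})

if __name__ == "__main__":
    for name, tok in (("GOOD", GOOD), ("OVERAGE", OVERAGE), ("BARE", BARE)):
        print(name, check_claims(tok))
```
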