Custom OpenID Connect Redirect URL

• Search Guard and Elasticsearch version (ES/Kibana 6.3.1)

• Installed and used enterprise modules, if any - Open ID Connect

Hello,

We’ve configured our ELK stack to use SearchGuard Open ID Connect. The Kibana server is accessible to users via an Nginx proxy that forwards kibana.site.local port 80 to the IP address of the server running Kibana on port 5601.

We’re using AWS Cognito as our OID provider and we can see that the initial authentication request is working, however, SearchGuard provides a redirect URL that consists of the server IP address, as expected, e.g.:

https://X.Y.Z.W:5601/kibana/auth/openid/login

Is there any way to specify the redirect URL that SearchGuard sends? For instance, We would want to configure:

https://kibana.site.local/kibana/auth/openid/login

or

kibana.site.local

Allowing SearchGuard to establish the rest (e.g. including the base url).

Thank you

The OpenID module tries to deduct the redirect URL from the kibana.yml configuration. However, you can overwrite this and provide a custom redirect url via the following entry in kibana.yml:

searhchguard.openid.base_redirect_url: "https://kibana.site.local"