-
Search Guard and Elasticsearch version (ES/Kibana 6.3.1)
-
Installed and used enterprise modules, if any - Open ID Connect
Hello,
We’ve configured our ELK stack to use SearchGuard Open ID Connect. The Kibana server is accessible to users via an Nginx proxy that forwards kibana.site.local port 80 to the IP address of the server running Kibana on port 5601.
We’re using AWS Cognito as our OID provider and we can see that the initial authentication request is working, however, SearchGuard provides a redirect URL that consists of the server IP address, as expected, e.g.:
https://X.Y.Z.W:5601/kibana/auth/openid/login
Is there any way to specify the redirect URL that SearchGuard sends? For instance, We would want to configure:
https://kibana.site.local/kibana/auth/openid/login
or
kibana.site.local
Allowing SearchGuard to establish the rest (e.g. including the base url).
Thank you
The OpenID module tries to deduct the redirect URL from the kibana.yml configuration. However, you can overwrite this and provide a custom redirect url via the following entry in kibana.yml:
searhchguard.openid.base_redirect_url: "https://kibana.site.local"
···
On Friday, August 24, 2018 at 7:46:02 AM UTC-5, Richard Caunt wrote:
- Search Guard and Elasticsearch version (ES/Kibana 6.3.1)
- Installed and used enterprise modules, if any - Open ID Connect
Hello,
We’ve configured our ELK stack to use SearchGuard Open ID Connect. The Kibana server is accessible to users via an Nginx proxy that forwards kibana.site.local port 80 to the IP address of the server running Kibana on port 5601.
We’re using AWS Cognito as our OID provider and we can see that the initial authentication request is working, however, SearchGuard provides a redirect URL that consists of the server IP address, as expected, e.g.:
https://X.Y.Z.W:5601/kibana/auth/openid/login
Is there any way to specify the redirect URL that SearchGuard sends? For instance, We would want to configure:
https://kibana.site.local/kibana/auth/openid/login
or
kibana.site.local
Allowing SearchGuard to establish the rest (e.g. including the base url).
Thank you