ECK in azure

macdadi112 · May 31, 2023, 2:15pm

Hi,

I have managed to install the ECK as explained in the quikcstart guides (Quickstart | Elastic Cloud on Kubernetes [2.8] | Elastic) but now I am trying to install with integration to Azure AD.

I changed my elasticsearch license to enterprise but I keep on getting the following error each time log in:

And the logs dont reveal much either:

 [2023-05-31T13:39:31.476+00:00][INFO ][plugins.ml] Task ML:saved-objects-sync-task: No ML saved objects in need of synchronization
 [2023-05-31T13:39:41.339+00:00][INFO ][http.server.Kibana] http server running at https://0.0.0.0:5601
 [2023-05-31T14:02:46.997+00:00][INFO ][plugins.security.routes] Logging in with provider "oidc1" (oidc)
 [2023-05-31T14:03:00.242+00:00][WARN ][plugins.security.authentication] Could not authenticate user with the existing session. Forcing logout.

My elasticsearch.yaml file:

apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: elasticsearch
spec:
  version: 8.5.0
  secureSettings:
  - secretName: elastic-client
  nodeSets:
  - name: elasticsearch
    count: 1
    config:
      node.store.allow_mmap: false
      xpack:
          security:
            authc:
              realms:
                oidc:
                  oidc1:
                    order: 2
                    rp.client_id: "****************"
                    rp.response_type: "code"
                    rp.requested_scopes: ["openid", "email"]
                    rp.redirect_uri: "**************:5601/api/security/oidc/callback"
                    op.issuer: "https://login.microsoftonline.com/***********/v2.0"
                    op.authorization_endpoint: "https://login.microsoftonline.com/***********/oauth2/v2.0/authorize"
                    op.token_endpoint: "https://login.microsoftonline.com/***********/oauth2/v2.0/token"
                    op.jwkset_path: "https://login.microsoftonline.com/***********/discovery/v2.0/keys"
                    op.userinfo_endpoint: "https://graph.microsoft.com/oidc/userinfo"
                    op.endsession_endpoint: "https://login.microsoftonline.com/***********/oauth2/v2.0/logout"
                    claims.principal: email
                    claims.groups: "^([^@]+)@**********\\.TLD$"

apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: elasticsearch
spec:
  version: 8.5.0
  count: 1
  elasticsearchRef:
    name: elasticsearch
  http:
    tls:
      certificate:
        secretName: cert
  config:
    xpack.security.authc.providers:
      oidc.oidc1:
        order: 0
        realm: oidc1
        description: "Log in with Azure"
      basic.basic1:
        order: 1

I've set up the app as kibana & got the secret for the azure AD:

apiVersion: v1
data:
  key1: ***************************************
kind: Secret
metadata:
  name: "xpack.security.authc.realms.oidc.oidc1.rp.client.secret"
  namespace: elastic

What have I missed?
How would I be able to reveal more in the logs file?

system · June 28, 2023, 2:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to configure OIDC using the trail licence with azure AD Elastic Cloud on Kubernetes (ECK) elastic-stack-security	8	789	April 14, 2022
ECK SSO with google cloud OpenID: Error [security_exception] unable to authenticate user [<OIDC Token>] Elastic Cloud on Kubernetes (ECK) elastic-stack-security	6	1707	May 13, 2021
How to use Azure Storage plugin in ECK for Snapshot Elastic Cloud on Kubernetes (ECK)	8	2042	November 4, 2022
Elasticsearch on Kubernetes not able to authenticate to azure container registry Elastic Cloud on Kubernetes (ECK) docker	2	829	January 10, 2022
Elastic Cloud On kubernetes Elastic Cloud on Kubernetes (ECK)	9	1236	November 4, 2022

ECK in azure

Related topics