Hi,
I have managed to install the ECK as explained in the quickstart guides (Quickstart | Elastic Cloud on Kubernetes [2.8] | Elastic) but now I am trying to install with integration to Azure AD.
I changed my elasticsearch license to enterprise but I keep on getting the following error each time I log in:
And the logs don't reveal much either:
```
[2023-05-31T13:39:31.476+00:00][INFO ][plugins.ml] Task ML:saved-objects-sync-task: No ML saved objects in need of synchronization
[2023-05-31T13:39:41.339+00:00][INFO ][http.server.Kibana] http server running at https://0.0.0.0:5601
[2023-05-31T14:02:46.997+00:00][INFO ][plugins.security.routes] Logging in with provider "oidc1" (oidc)
[2023-05-31T14:03:00.242+00:00][WARN ][plugins.security.authentication] Could not authenticate user with the existing session. Forcing logout.
```
My elasticsearch.yaml file:
```yaml
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: elasticsearch
spec:
  version: 8.5.0
  secureSettings:
  - secretName: elastic-client
  nodeSets:
  - name: elasticsearch
    count: 1
    config:
      node.store.allow_mmap: false
      xpack:
        security:
          authc:
            realms:
              oidc:
                oidc1:
                  order: 2
                  rp.client_id: "****************"
                  rp.response_type: "code"
                  rp.requested_scopes: ["openid", "email"]
                  rp.redirect_uri: "**************:5601/api/security/oidc/callback"
                  op.issuer: "https://login.microsoftonline.com/***********/v2.0"
                  op.authorization_endpoint: "https://login.microsoftonline.com/***********/oauth2/v2.0/authorize"
                  op.token_endpoint: "https://login.microsoftonline.com/***********/oauth2/v2.0/token"
                  op.jwkset_path: "https://login.microsoftonline.com/***********/discovery/v2.0/keys"
                  op.userinfo_endpoint: "https://graph.microsoft.com/oidc/userinfo"
                  op.endsession_endpoint: "https://login.microsoftonline.com/***********/oauth2/v2.0/logout"
                  claims.principal: email
                  claims.groups: "^([^@]+)@**********\\.TLD$"
---
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: elasticsearch
spec:
  version: 8.5.0
  count: 1
  elasticsearchRef:
    name: elasticsearch
  http:
    tls:
      certificate:
        secretName: cert
  config:
    xpack.security.authc.providers:
      oidc.oidc1:
        order: 0
        realm: oidc1
        description: "Log in with Azure"
      basic.basic1:
        order: 1
```
I've set up the app as kibana & got the secret for the azure AD:
```yaml
apiVersion: v1
data:
  key1: ***************************************
kind: Secret
metadata:
  name: "xpack.security.authc.realms.oidc.oidc1.rp.client.secret"
  namespace: elastic
```
What have I missed?
How would I be able to reveal more in the logs file?
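
An added example, not part of the original post: a Python check that the Elasticsearch, Kibana and Secret manifests of an ECK OIDC setup agree with each other. It assumes that ECK turns every data key of a Secret listed under `secureSettings` into a keystore entry of the same name, and that the OIDC realm reads its client secret from the keystore setting `xpack.security.authc.realms.oidc.<realm>.rp.client_secret`; the function names and all sample values are constructed.

```python
# Added example (not from the original post): consistency check for ECK OIDC manifests.
# Inputs are dicts as yaml.safe_load would return them; all sample values are constructed.
REALMS = "xpack.security.authc.realms.oidc."
PROVIDERS = "xpack.security.authc.providers.oidc."

def flatten(d, prefix=""):
    """Collapse nested mappings into dotted setting names."""
    out = {}
    for k, v in d.items():
        key = f"{prefix}.{k}" if prefix else k
        out.update(flatten(v, key) if isinstance(v, dict) else {key: v})
    return out

def check(es, kibana, secrets):
    """Return findings; an empty list means the manifests agree with each other."""
    findings, keystore, realms = [], set(), set()
    for ref in es["spec"].get("secureSettings", []):
        secret = secrets.get(ref["secretName"])
        if secret is None:
            findings.append(f"Secret {ref['secretName']!r} not found")
        else:  # each data key becomes a keystore entry of the same name
            keystore |= set(secret.get("data", {}))
    for node_set in es["spec"]["nodeSets"]:
        for key in flatten(node_set.get("config", {})):
            if key.startswith(REALMS):
                realms.add(key[len(REALMS):].split(".")[0])
    for realm in sorted(realms):
        needed = f"{REALMS}{realm}.rp.client_secret"
        if needed not in keystore:
            findings.append(f"keystore entry {needed!r} missing")
    for key, value in flatten(kibana["spec"].get("config", {})).items():
        if key.startswith(PROVIDERS) and key.endswith(".realm") and value not in realms:
            findings.append(f"Kibana provider realm {value!r} not defined in Elasticsearch")
    return findings

# Constructed sample: nested realm config, dotted Kibana provider keys.
ES = {"spec": {"secureSettings": [{"secretName": "elastic-client"}], "nodeSets": [{"config": {
    "xpack": {"security": {"authc": {"realms": {"oidc": {"oidc1": {"order": 2}}}}}}}}]}}
KIBANA = {"spec": {"config": {"xpack.security.authc.providers": {
    "oidc.oidc1": {"order": 0, "realm": "oidc1"}, "basic.basic1": {"order": 1}}}}}
GOOD = {"elastic-client": {"data": {REALMS + "oidc1.rp.client_secret": "PLACEHOLDER"}}}
BAD = {"elastic-client": {"data": {"key1": "PLACEHOLDER"}}}

if __name__ == "__main__":
    for name, secrets in (("good", GOOD), ("bad", BAD)):
        print(name, check(ES, KIBANA, secrets))
```

The `secrets` argument maps each Secret's `metadata.name` to its manifest, so a Secret stored under a different name than the one in `secureSettings` is reported as not found.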