Elasticsearch 7.0.1 OIDC/SAML support

playfair039 · August 7, 2019, 9:51am

I'm running an elk stack 7.0.1 which works just fine. However, I'm struggling to enable openid functionality using keycloak. I've enabled secure http over ssl and token service on the elasticsearch. It doesn't take any of the oidc configs:

xpack.security.authc.realms.oidc.test:
order: 2
rp.client_id: "kibana"
...

Docker logs show a whole sequence of xpack plugin issues. Shouldn't Xpack come with default support for OIDC and SAML? Thanks in advance.

"Suppressed: java.lang.IllegalArgumentException: unknown setting [xpack.security.authc.realms.oidc.test.rp.client_id] please check that any required plugins are installed, or check the breaking changes documentation for removed settings",
"\tat org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:531) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:476) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:447) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:418) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.common.settings.SettingsModule.(SettingsModule.java:148) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.node.Node.(Node.java:341) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.node.Node.(Node.java:251) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Bootstrap$5.(Bootstrap.java:211) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:211) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:325) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-7.0.1.jar:7.0.1]",
"Suppressed: java.lang.IllegalArgumentException: unknown setting [xpack.security.authc.realms.oidc.test.order] please check that any required plugins are installed, or check the breaking changes documentation for removed settings",
"\tat org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:531) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:476) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:447) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:418) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.common.settings.SettingsModule.(SettingsModule.java:148) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.node.Node.(Node.java:341) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.node.Node.(Node.java:251) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Bootstrap$5.(Bootstrap.java:211) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:211) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:325) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-7.0.1.jar:7.0.1]"] }

ikakavas · August 8, 2019, 8:00am

Hi there, OpenID Connect support for the Elastic stack was introduced in the 7.2 release so it is not available in 7.0.1. SAML has been available since 6.2 though.

playfair039 · August 8, 2019, 11:23am

I appreciate it, thanks. I went to 7.3.0 soon after posting and everything works just fine now thanks

system · September 5, 2019, 11:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Authentication failed for an OpenID integration Elasticsearch elastic-stack-security	3	2172	March 23, 2020
Unable to set xpack.security.authc.realms.oidc.oidc1.rp.client_secret property through yml file Elasticsearch	5	3346	March 5, 2020
Configuration of OpenID connect for Elasticsearch 7.14.1 is getting failed with trial version Elastic Security elastic-stack-security , docker	10	1431	October 19, 2021
Trouble getting OpenID Connect set up using Keycloak -- receiving error message Kibana elastic-stack-security , docker	2	268	May 2, 2024
ELK Stack integration with Keycloak Elasticsearch elastic-stack-security	15	22299	January 9, 2020

Elasticsearch 7.0.1 OIDC/SAML support

Related topics