Elasticsearch 7.0.1 OIDC/SAML support

playfair039 · August 7, 2019, 9:51am

I'm running an elk stack 7.0.1 which works just fine. However, I'm struggling to enable openid functionality using keycloak. I've enabled secure http over ssl and token service on the elasticsearch. It doesn't take any of the oidc configs:

xpack.security.authc.realms.oidc.test:
order: 2
rp.client_id: "kibana"
...

Docker logs show a whole sequence of xpack plugin issues. Shouldn't Xpack come with default support for OIDC and SAML? Thanks in advance.

"Suppressed: java.lang.IllegalArgumentException: unknown setting [xpack.security.authc.realms.oidc.test.rp.client_id] please check that any required plugins are installed, or check the breaking changes documentation for removed settings",
"\tat org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:531) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:476) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:447) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:418) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.common.settings.SettingsModule.(SettingsModule.java:148) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.node.Node.(Node.java:341) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.node.Node.(Node.java:251) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Bootstrap$5.(Bootstrap.java:211) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:211) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:325) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-7.0.1.jar:7.0.1]",
"Suppressed: java.lang.IllegalArgumentException: unknown setting [xpack.security.authc.realms.oidc.test.order] please check that any required plugins are installed, or check the breaking changes documentation for removed settings",
"\tat org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:531) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:476) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:447) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:418) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.common.settings.SettingsModule.(SettingsModule.java:148) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.node.Node.(Node.java:341) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.node.Node.(Node.java:251) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Bootstrap$5.(Bootstrap.java:211) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:211) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:325) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) ~[elasticsearch-7.0.1.jar:7.0.1]",
"\tat org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-7.0.1.jar:7.0.1]"] }

ikakavas · August 8, 2019, 8:00am

Hi there, OpenID Connect support for the Elastic stack was introduced in the 7.2 release so it is not available in 7.0.1. SAML has been available since 6.2 though.

playfair039 · August 8, 2019, 11:23am

I appreciate it, thanks. I went to 7.3.0 soon after posting and everything works just fine now thanks

system · September 5, 2019, 11:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.