Elasticsearch service won't stop when OIDC is enabled

I'm running the entire stack on Windows and will integrate SSO into the environment.
It works as expected except for one thing: when the Elasticsearch service needs to be stopped, it hangs for some reason.

If I remove the lines below and the part from the keystore, the service behaves as expected (reproduced in two different environments and tried in Elasticsearch 7.9.1 as well as 7.10.2).

Elasticsearch.yml:

oidc.oidc-adfs:
  order: 2
  client_id: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  response_type: code
  requested_scopes: ["openid",'allatclaims']
  rp.redirect_uri: 'https://kibana.domain.local/api/security/oidc/callback'
  op.issuer: 'https://adfs.domain.local/adfs'
  op.authorization_endpoint: 'https://adfs.domain.local/adfs/oauth2/authorize/'
  op.token_endpoint: 'https://adfs.domain.local/adfs/oauth2/token/'
  op.endsession_endpoint: 'https://adfs.domain.local/adfs/oauth2/logout'
  rp.post_logout_redirect_uri: 'https://kibana.domain.local/security/logged_out'
  op.jwkset_path: 'https://adfs.domain.local/adfs/discovery/keys'
  claims.principal: sub
  claims.groups: group
  claims.name: commonname
  ssl.certificate_authorities: D:\Elasticsearch\config\chain.crt

This is also included in the keystore:

xpack.security.authc.realms.oidc.oidc-adfs.rp.client_secret

Elasticcluster.log (when stopping service):

[INFO ][o.e.n.Node               ] [es1.domain.local] stopping ...
[INFO ][o.e.x.w.WatcherService   ] [es1.domain.local] stopping watch service, reason [shutdown initiated]
[INFO ][o.e.x.w.WatcherLifeCycleService] [es1.domain.local] watcher has stopped and shutdown
[INFO ][o.e.x.m.p.l.CppLogMessageHandler] [es1.domain.local] [controller/8132] [Main.cc@154] ML controller exiting
[INFO ][o.e.x.m.p.NativeController] [es1.domain.local] Native controller process has stopped - no new native processes can be started
[INFO ][o.e.n.Node               ] [es1.domain.local] stopped
[INFO ][o.e.n.Node               ] [es1.domain.local] closing ...
[INFO ][o.e.n.Node               ] [es1.domain.local] closed

... but the process and service are still running and trying to stop, and the only way to shut it down is to kill the process...

The service is installed with the provided elasticsearch-service.bat.

This can't be expected behavior. What am I missing?
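
A JVM process exits only after every non-daemon thread has finished, so a thread dump taken while the service hangs after "closed" shows what is holding it open. The following is an added example, not part of the original post: it parses `jstack`-style output and lists the non-daemon Java threads; the sample dump and its thread names are constructed for illustration.

```python
import re

# Constructed jstack-style dump; thread names and values are illustrative only.
SAMPLE_DUMP = '''\
"DestroyJavaVM" #71 prio=5 os_prio=0 cpu=1203.12ms elapsed=412.50s tid=0x01 nid=0x1f4c waiting on condition
   java.lang.Thread.State: RUNNABLE

"example-http-dispatcher-1" #64 prio=5 os_prio=0 cpu=15.62ms elapsed=398.11s tid=0x02 nid=0x2a10 runnable
   java.lang.Thread.State: RUNNABLE
    at sun.nio.ch.WindowsSelectorImpl$SubSelector.poll0(Native Method)

"Signal Dispatcher" #4 daemon prio=9 os_prio=2 cpu=0.00ms elapsed=412.58s tid=0x03 nid=0x1e90 runnable
   java.lang.Thread.State: RUNNABLE

"VM Thread" os_prio=2 cpu=88.10ms elapsed=412.61s tid=0x04 nid=0x1e88 runnable
'''

# Java threads have "#<id>"; the word "daemon" appears only for daemon threads.
HEADER = re.compile(r'^"(?P<name>.+)" #\d+ (?:\[\d+\] )?(?P<daemon>daemon )?prio=\d+')
STATE = re.compile(r'^\s+java\.lang\.Thread\.State: (\w+)')
FRAME = re.compile(r'^\s+at (.+)$')

def non_daemon_threads(dump):
    """Return the Java threads that keep the JVM alive, with state and top frame."""
    found, current = [], None
    for line in dump.splitlines():
        header = HEADER.match(line)
        if header:
            current = None
            if not header.group("daemon"):
                current = {"name": header.group("name"), "state": None, "top_frame": None}
                found.append(current)
        elif line.startswith('"'):
            current = None  # JVM-internal thread (no "#<id>"), not a Java thread
        elif current is not None:
            state, frame = STATE.match(line), FRAME.match(line)
            if state and current["state"] is None:
                current["state"] = state.group(1)
            elif frame and current["top_frame"] is None:
                current["top_frame"] = frame.group(1)
    return found

def blockers(dump):
    """Drop DestroyJavaVM, the JVM's own thread that waits for the others to end."""
    return [t for t in non_daemon_threads(dump) if t["name"] != "DestroyJavaVM"]

if __name__ == "__main__":
    for t in blockers(SAMPLE_DUMP):
        print(f'{t["name"]}: {t["state"]} at {t["top_frame"]}')
```

To use it on a real hang, save the output of `jstack <pid>` from a JDK while the service is stuck stopping and pass the file contents to `blockers()`.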
