Hello All,
I am using Elasticsearch 7.5.2 and Kibana 7.5.2, and with this I am using Keycloak as the OP. I have enabled the trial version for 30 to run single sign-on on Elasticsearch. But I am getting the below error in Elasticsearch.
Authentication to realm oidc1 failed - Failed to authenticate user with OpenID Connect (Caused by ElasticsearchSecurityException[Failed to exchange code for Id Token using the Token Endpoint.]; nested: SSLHandshakeException[General SSLEngine problem]; nested: SSLHandshakeException[General SSLEngine problem]; nested: ValidatorException[PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]; nested: SunCertPathBuilderException[unable to find valid certification path to requested target] ; )
Can anyone suggest where I am making a mistake?
Below are my elasticsearch.yml and kibana.yml.
elasticsearch.yml:
##======================== Elasticsearch Configuration =========================
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /home/ist/elasticsearch-7.5.2/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /home/ist/elasticsearch-7.5.2/config/elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /home/ist/elasticsearch-7.5.2/config/elastic-stack-ca.p12
xpack.security.http.ssl.truststore.path: /home/ist/elasticsearch-7.5.2/config/elastic-stack-ca.p12
xpack.http.ssl.truststore.password: elastic
xpack.security.authc.token.enabled: true
xpack.security.authc.realms.oidc.oidc1:
  order: 2
  rp.client_id: "kibana-sso"
  rp.response_type: code
  rp.redirect_uri: "http://localhost:5601/api/security/v1/oidc"
  op.issuer: "https://127.0.0.1:8443/auth/realms/oidc1"
  op.authorization_endpoint: "https://127.0.0.1:8443/auth/realms/oidc1/protocol/openid-connect/auth"
  op.token_endpoint: "https://127.0.0.1:8443/auth/realms/oidc1/protocol/openid-connect/token"
  op.jwkset_path: "/home/ist/elasticsearch-7.5.2/config/key.json"
  op.endsession_endpoint: "https://127.0.0.1:8443/auth/realms/oidc1/protocol/openid-connect/logout"
  rp.post_logout_redirect_uri: "https://127.0.0.1:8443/auth/realms/oidc1/protocol/openid-connect/logout"
  claims.principal: preferred_username
  claims.groups: "https://127.0.0.1:8443/auth/realms/oidc1/.well-known/openid-configuration"
kibana.yml:
elasticsearch.hosts: ["https://localhost:9200"]
elasticsearch.username: "elastic"
elasticsearch.password: "elastic"
elasticsearch.ssl.verificationMode: none
xpack.security.enabled: true
xpack.security.authc.providers: [oidc]
xpack.security.authc.oidc.realm: "oidc1"
server.xsrf.whitelist: [/api/security/v1/oidc]
Please suggest where I am making mistakes.
Thanks in advance.