Github URL to set on op.jwkset_path parameter


I'm struggling to find where is the GitHub URL to set here on this parameter from this documentation: Configuring single sign-on to the Elastic Stack using OpenID Connect | Elasticsearch Guide [7.16] | Elastic


The path to a file or a URL containing a JSON Web Key Set with the key material that the OpenID Connect Provider uses for signing tokens and claims responses. If a path is set, it is resolved relative to the Elasticsearch config directory. Elasticsearch will automatically monitor this file for changes and will reload the configuration whenever it is updated. Your OpenID Connect Provider should provide you with this file or a URL where it is available.

My Elasticsearch and Kibana instances are running on

Please, could you help me?

Welcome to our community! :smiley:

It's not clear what you think GitHub has to do with this, there's no mention of it in that document link.

Your OpenID Connect Provider should provide you with this file or a URL where it is available.

I've created an GitHub OAuth App on GitHub to use as my OpenID Connect Provider, but I can't find this file or URL to use on this op.jwkset_path parameter.

ES configuration I'm adding.
  order: 2
  rp.client_id: "xxxxxxxxxxxx"
  rp.response_type: code
  rp.redirect_uri: ""
  op.issuer: ""
  op.authorization_endpoint: ""
  op.token_endpoint: ""
  op.jwkset_path: <NEED TO FIND IT>
  claims.principal: email_verified

Right, so you want to use GitHub as the auth provider?

Exactly @warkolm . My goal is to have it on Kibana for the employees from company login with their GitHub users restrict to users that are inside my GitHub organization pathable.

1 Like

Hi @Fabio_Peruchi . Unfortunately, Github does not support OpenID Connect, they have instead built their own authentication protocol on top of oAuth2, which is "close to" but "not exactly" OpenID Connect. As such, you can't use the OpenID Connect realm of Elasticsearch to authenticate your users via Github.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.