Github URL to set on op.jwkset_path parameter

Fabio_Peruchi · December 10, 2021, 9:27pm

Hello.

I'm struggling to find where is the GitHub URL to set here on this parameter from this documentation: Configuring single sign-on to the Elastic Stack using OpenID Connect | Elasticsearch Guide [7.16] | Elastic

op.jwkset_path

The path to a file or a URL containing a JSON Web Key Set with the key material that the OpenID Connect Provider uses for signing tokens and claims responses. If a path is set, it is resolved relative to the Elasticsearch config directory. Elasticsearch will automatically monitor this file for changes and will reload the configuration whenever it is updated. Your OpenID Connect Provider should provide you with this file or a URL where it is available.

My Elasticsearch and Kibana instances are running on https://elastic.co

Please, could you help me?

warkolm · December 10, 2021, 9:31pm

Welcome to our community!

It's not clear what you think GitHub has to do with this, there's no mention of it in that document link.

Fabio_Peruchi · December 10, 2021, 9:36pm

Your OpenID Connect Provider should provide you with this file or a URL where it is available.

I've created an GitHub OAuth App on GitHub to use as my OpenID Connect Provider, but I can't find this file or URL to use on this op.jwkset_path parameter.

ES configuration I'm adding.

xpack.security.authc.realms.oidc.oidc1:
  order: 2
  rp.client_id: "xxxxxxxxxxxx"
  rp.response_type: code
  rp.redirect_uri: "https://pathable-cosmos.kb.us-east-1.aws.found.io:9243/api/security/oidc/callback"
  op.issuer: "https://github.com"
  op.authorization_endpoint: "https://github.com/login/oauth/authorize"
  op.token_endpoint: "https://github.com/login/oauth/access_token"
  op.jwkset_path: <NEED TO FIND IT>
  claims.principal: email_verified

warkolm · December 10, 2021, 9:42pm

Right, so you want to use GitHub as the auth provider?

Fabio_Peruchi · December 10, 2021, 9:45pm

Exactly @warkolm . My goal is to have it on Kibana for the employees from company login with their GitHub users restrict to users that are inside my GitHub organization pathable.

ikakavas · December 13, 2021, 8:12am

Hi @Fabio_Peruchi . Unfortunately, Github does not support OpenID Connect, they have instead built their own authentication protocol on top of oAuth2, which is "close to" but "not exactly" OpenID Connect. As such, you can't use the OpenID Connect realm of Elasticsearch to authenticate your users via Github.

system · January 10, 2022, 8:12am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.