I managed to make localhost Kibana to be functioned in https environment.(The warning stated that it is not trusted).
However my localhost elasticsearch node is still in http environment. The elasticsearch console generate following error, when https localhost Kibana tried to SSO with the external Identity Provider.
Please bear with my skills, my first concern is that if localhost self-signed certificate(CN=localhost) even possible to build up trust connection from Kibana and Elasticsearch side?
Here are my settings:
- Error log from localhost Elastic console:
I generated the certificate with elasticsearch elasticsearch-certutil command.
Thanks for your time.
Please don't post images of text as they are hard to read, may not display correctly for everyone, and are not searchable.
Instead, paste the text and format it with
</> icon or pairs of triple backticks (```), and check the preview window to make sure it's properly formatted before posting it. Also please share the entire configuration, you are asking about your openid connect integration but you dont share its configuration.
The more data you share the easier it makes it for folks that want to help you out. This also makes it more likely that your question will receive a useful answer.
It would be great if you could update your post to solve this.
Environment: Elasticsearch 7.7, Kibana 7.7
rp.requested_scopes: "openid profile email"
xpack.security.authProviders: [oidc, basic]
In 7.6(Elasticsearch and Kibana) version
When I put verficationMode to certificate in xpack.security.authc.realms.oidc.kibana-gidp: (elasticsearch.yml) , it produces the similar error that contains "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target."
When I put verificationMode to none in xpack.security.authc.realms.oidc.kibana-gidp: (elasticsearch.yml) , it doesn't show any error in elasticsearch-console, but Kibana showed "Elastic Kibana did not load properly. Check the server output for more information" However in 7.6, I still can access to Kibana, if I refreshed page to another page few times.
In 7.7 Kibana, it just showed the same error "Elastic Kibana did not load properly. Check the server output for more information". Any refresh to another won't help this time.
With my lastest development, I would like to know how to fix this, so it will works with the configuration setting verificationMode to "none" and verficationMode to "certificate" in 7.7 locahost environment, thanks.
Thanks anyone that has spent time on here.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.