I am performing a prepare in ES, then attempting an authenticate but receiving this error from the request: "reason": "unable to authenticate user [<OIDC Token>] for action [cluster:admin/xpack/security/oidc/authenticate]",
And I get this error in ES logs: "message": "Authentication to realm oidc1 failed - Failed to authenticate user with OpenID Connect (Caused by ElasticsearchSecurityException[Failed to consume the OpenID connect response. ]; nested: ParseException[Missing URI fragment or query string];)"
ES version: 7.5.0
If anyone could help me out or point me towards an article, that would be great.
Third-party initiated login is defined in the specification in Final: OpenID Connect Core 1.0 incorporating errata set 1. We don't cover the third-party initiated login flow without Kibana in our docs (I've made a note to fix that).
You basically need to
Initiate a request to the RP (your Spring Boot application), providing the necessary parameters (iss should be enough).
This will give your Spring Boot app an Elasticsearch Token Service access token and a refresh token for that user, and you can subsequently use that Elasticsearch Token Service access token as a Bearer token for requests to Elasticsearch on behalf of the authenticated user.
You'll need to add a bit more detail here, this is not enough for us to help you.
Calling prepare gives you a URL back to redirect you to your OP. What do you do with it?
Calling the prepare API would never return that error message; this error message is from the oidc/authenticate API.
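The following is an added example, not part of the original posts and not Elastic's code: a pre-flight check an RP could run before calling the oidc/authenticate API, rejecting a callback URL that has no query string or fragment (the condition the logged ParseException names). The function name, URLs and state/nonce values are constructed for illustration; the body fields `redirect_uri`, `state` and `nonce` are those of the authenticate API.

```python
import hmac
from urllib.parse import urlsplit, parse_qs


def build_authenticate_body(callback_url, state, nonce):
    """Build the JSON body for POST /_security/oidc/authenticate.

    callback_url: the full URL the OP redirected the browser to at the RP,
                  including its query string (code flow) or fragment (implicit flow).
    state, nonce: the values returned earlier by /_security/oidc/prepare.
    """
    parts = urlsplit(callback_url)
    # A bare redirect URI with no response parameters cannot be parsed as an
    # OpenID Connect authentication response.
    if not parts.query and not parts.fragment:
        raise ValueError("callback URL has no query string or fragment")

    params = parse_qs(parts.query or parts.fragment)
    if "error" in params:
        raise ValueError("OP returned error: " + params["error"][0])
    if "code" not in params and "id_token" not in params:
        raise ValueError("callback URL carries neither code nor id_token")

    # The state echoed by the OP must match the one issued by prepare.
    returned_state = params.get("state", [""])[0]
    if not hmac.compare_digest(returned_state.encode(), state.encode()):
        raise ValueError("state in callback does not match state from prepare")

    return {"redirect_uri": callback_url, "state": state, "nonce": nonce}


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    good = "https://rp.example.com/callback?code=abc123&state=st-1"
    print(build_authenticate_body(good, "st-1", "n-1"))
    try:
        build_authenticate_body("https://rp.example.com/callback", "st-1", "n-1")
    except ValueError as exc:
        print("rejected:", exc)
```
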