Security Error while integrating SSO with elastic cloud cluster using Terraform

I've been trying to provision elastic cluster with SSO configured. As per the latest ec provider documentation we should be able to achieve this in a single workflow. But however, I do see below error while provisioning cluster.

[tiebreaker-0000000002] fatal exception while booting Elasticsearch java.lang.IllegalStateException: security initialization failed at ~[?:?] at org.elasticsearch.node.Node.lambda$new$16( ~[elasticsearch-8.6.2.jar:?] at org.elasticsearch.plugins.PluginsService.lambda$flatMap$0( ~[elasticsearch-8.6.2.jar:?] at$7$1.accept( ~[?:?] at$3$1.accept( ~[?:?] at java.util.AbstractList$RandomAccessSpliterator.forEachRemaining( ~[?:?] at ~[?:?] at ~[?:?] at ~[?:?] at ~[?:?] at ~[?:?] at ~[?:?] at ~[?:?] at org.elasticsearch.node.Node.( ~[elasticsearch-8.6.2.jar:?] at org.elasticsearch.node.Node.( ~[elasticsearch-8.6.2.jar:?] at org.elasticsearch.bootstrap.Elasticsearch$2.( ~[elasticsearch-8.6.2.jar:?] at org.elasticsearch.bootstrap.Elasticsearch.initPhase3( ~[elasticsearch-8.6.2.jar:?] at org.elasticsearch.bootstrap.Elasticsearch.main( ~[elasticsearch-8.6.2.jar:?] Caused by: org.elasticsearch.common.settings.SettingsException: The configuration setting [] is required at ~[?:?] at ~[?:?] at$getFactories$7( ~[?:?] at ~[?:?] at ~[?:?] at ~[?:?] at ~[?:?]

But however in my terraform code , I am providing the keystore value as below -

resource "ec_deployment_elasticsearch_keystore" "client_secret" {
deployment_id =
setting_name = ""
value = ""

And here's elasticsearch.yaml file content :
order: 2
rp.client_id: "<>"
rp.response_type: "code"
rp.requested_scopes: ["openid", "email", "groups", "profile"]
rp.redirect_uri: "${kibana_url}/api/security/oidc/callback"
op.issuer: "<>"
op.authorization_endpoint: "<>"
op.token_endpoint: "<>"
op.userinfo_endpoint: "<>"
op.endsession_endpoint: "<>"
op.jwkset_path: "<>"
claims.principal: "user"
claim_patterns.principal: "^([^@]+)$"
claims.groups: "groups"

Any help would be appreciated.


Hi @Saicharan_M Welcome to the community.

Can you format your code and logs please using the </> button and make sure you yml is properly formatted it.

Would you perhaps share your tf configuration?

Which documentation shows a single flow... is it this. I think that assume all the values are in the es.yml

What I do think I am reading from the errors is that the deployment is trying to use the keystore / get values before the keystore is ready...

I suspect you may need to create the deployment with the keystore and then apply the SAML config.

However I am not a TF expert but that is what I read from the logs

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.