We are running ELK stack version 7.17 with platinum license. We want to integrate Elasticsearch with Azure AD OIDC . We have done the configuration both at kibana and elasticsearch level.
xpack.security.authc.token.enabled: true xpack.security.authc.realms.native.native-elastic: order: 0 xpack.security.authc.realms.oidc.oidc-azure: order: 1 rp.client_id: ".......17b0-ebc9-4fc1......" rp.response_type: "code" #rp.response_type: "id_token" rp.requested_scopes: ["openid", "email"] rp.redirect_uri: "https://some-dns.com:5601/api/security/oidc/callback" #rp.redirect_uri: "https://some-dns.com.com:5601/api/security/oidc/implicit" op.authorization_endpoint: "https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxx/oauth2/v2.0/authorize" op.token_endpoint: "https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxx/oauth2/v2.0/token" op.userinfo_endpoint: "https://graph.microsoft.com/oidc/userinfo" op.endsession_endpoint: "https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxx/oauth2/v2.0/logout" rp.post_logout_redirect_uri: "https://some-dns.com:5601/security/logged_out" http.proxy.host: "proxy_ip" http.proxy.port: proxy_port op.issuer: "https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxx/v2.0" op.jwkset_path: "https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxx/discovery/v2.0/keys" claims.principal: email
So when a user browse the kibana and click on "Login with Azure" first time it will say "We hit an authentication error. Please check your credentials and try again. If you still can't log in, contact your system administrator."
I have attached the screenshot also.
When user click again then it will take to kibana homepage i mean 2nd time it will get successful authentication.
Does anyone encounter with this issue while configuring OIDC realm. We have deleted the cache , cookies and history but still it is not working. We don't have incognito mode in browsers as it is disabled by organization