Hi There,
We are currently successfully using an OIDC setup with Keycloak to integrate Kibana dashboards into our customer portal. We use Elastic Cloud as backend and host the Kibana instances ourselves. Both running 7.5.1.
OIDC config:
xpack:
  security:
    authc:
      realms:
        oidc:
          customer:
            order: 2
            rp.client_id: "kibana"
            rp.response_type: "code"
            rp.redirect_uri: "https://kibana.***********.com/api/security/v1/oidc"
            rp.post_logout_redirect_uri: "https://kibana.***********.com/logout"
            op.issuer: "https://keycloak.***********.com/auth/realms/customer"
            op.authorization_endpoint: "https://keycloak***********.com/auth/realms/customer/protocol/openid-connect/auth"
            op.token_endpoint: "https://keycloak.***********.com/auth/realms/customer/protocol/openid-connect/token"
            op.userinfo_endpoint: "https://keycloak.***********.com/auth/realms/customer/protocol/openid-connect/userinfo"
            op.jwkset_path: "https://keycloak.***********.com/auth/realms/customer/protocol/openid-connect/certs"
            claims.principal: sub
            claims.name: preferred_username
            claims.mail: email
            claims.groups: groups
Plans are to add some D3 graphs to our portal that need direct access to the Elasticsearch API with the logged-on credentials.
My dev guys have not been able to create a successful setup. The article on your website (https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-without-kibana.html) didn't really help.
Questions:
- is what we are trying to achieve possible?
- do you have any working examples that we could use as a reference?
Thanks,
Dennis