[BUG] OIDC pemtrustedcas_filepath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem has no effect
#931
Comments
paulmossman
added
bug
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What is the bug?
When I configure
pemtrustedcas_filepath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pemin theconfig.ymlsection of the securityconfig file Secret then OIDC SSO fails. i.e. After successfully logging in and being redirected back to OpenSearch, Dashboards displays 401 Unauthorized.According to the documentation the full file path can be used. It does not have to be relative to the config directory.
If I configure
pemtrustedcas_contentwith the contents of/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pemthen OIDC SSO works.How can one reproduce the bug?
Configure OIDC SSO using
pemtrustedcas_filepath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem, neitherpemtrustedcas_filepathwith a relative file path norpemtrustedcas_content.What is the expected behavior?
OIDC SSO login should be successful.
What is your host/environment?
OpenSearch: v2.18.0
OpenSearch operator: v2.7.0
Kubernetes: v1.31.4+k3s1
Do you have any screenshots?
Do you have any additional context?
See also: https://forum.opensearch.org/t/oidc-pemtrustedcas-filepath-etc-pki-ca-trust-extracted-pem-tls-ca-bundle-pem-has-no-effect/22558
The text was updated successfully, but these errors were encountered: