I am trying to add SAML as the backend as per the official documentation.
It is mounted as such, but when it tries to run during the bootstrapping it gives the following error:
[2023-11-07T17:49:59,675][ERROR][o.o.s.c.ConfigurationRepository] [opensearch-cluster-master-2] Cannot apply default config (this is maybe not an error!)
java.security.PrivilegedActionException: null
at java.security.AccessController.doPrivileged(AccessController.java:573) ~[?:?]
at org.opensearch.security.support.ConfigHelper.uploadFile(ConfigHelper.java:86) ~[opensearch-security-2.9.0.0.jar:2.9.0.0]
at org.opensearch.security.support.ConfigHelper.uploadFile(ConfigHelper.java:65) ~[opensearch-security-2.9.0.0.jar:2.9.0.0]
at org.opensearch.security.configuration.ConfigurationRepository.lambda$new$0(ConfigurationRepository.java:146) [opensearch-security-2.9.0.0.jar:2.9.0.0]
at java.lang.Thread.run(Thread.java:833) [?:?]
Caused by: com.fasterxml.jackson.dataformat.yaml.snakeyaml.error.MarkedYAMLException: while parsing a block mapping
in 'reader', line 32, column 11:
type: saml
^
expected , but found ''
in 'reader', line 42, column 13:
exchange_key: "e2fc20c4cca8f4242 ...
^
at [Source: (FileReader); line: 42, column: 13]
If tried manually, it reports an issue with the OpenSearch Security 7 format:
ERR: Seems ../../../config/opensearch-security/config.yml is not in OpenSearch Security 7 format: com.fasterxml.jackson.dataformat.yaml.snakeyaml.error.MarkedYAMLException: while parsing a block mapping
in 'reader', line 32, column 11:
type: saml
^
expected , but found ''
in 'reader', line 42, column 13:
exchange_key: "e2fc20c4cca8f4242 ...
^
at [Source: (FileReader); line: 42, column: 13]
To Reproduce
Steps to reproduce the behavior:
Install the opensearch chart with version opensearch-2.14.1.
Use the following config for authc; the rest is all default:
authc:
saml_auth_domain:
http_enabled: true
transport_enabled: false
order: 1
http_authenticator:
type: saml
challenge: true
config:
idp:
metadata_url: <metadata_url>
Entity_id: <Entity_id>
sp:
entity_id: <entity_id>
kibana_url: <kibana_url>
roles_key: Roles
exchange_key: <exchange_key>
authentication_backend:
type: noop
kerberos_auth_domain:
http_enabled: false
transport_enabled: false
order: 6
http_authenticator:
type: kerberos
challenge: true
config:
# If true a lot of kerberos/security related debugging output will be logged to standard out
krb_debug: false
# If true then the realm will be stripped from the user name
strip_realm_from_principal: true
authentication_backend:
type: noop
basic_internal_auth_domain:
description: "Authenticate via HTTP Basic against internal users database"
http_enabled: true
transport_enabled: true
order: 4
http_authenticator:
type: basic
challenge: true
authentication_backend:
type: intern
proxy_auth_domain:
description: "Authenticate via proxy"
http_enabled: false
transport_enabled: false
order: 3
http_authenticator:
type: proxy
challenge: false
config:
user_header: "x-proxy-user"
roles_header: "x-proxy-roles"
authentication_backend:
type: noop
jwt_auth_domain:
description: "Authenticate via Json Web Token"
http_enabled: false
transport_enabled: false
order: 0
http_authenticator:
type: jwt
challenge: false
config:
signing_key: "base64 encoded HMAC key or public RSA/ECDSA pem key"
jwt_header: "Authorization"
jwt_url_parameter: null
jwt_clock_skew_tolerance_seconds: 30
roles_key: null
subject_key: null
authentication_backend:
type: noop
Expected behavior
SAML config should be uploaded and usable.
Chart Name
opensearch-2.14.1
@tarnjeetsingh This seems more like an issue with YAML parsing. Can you please refer to #268 to see a sample config.yml, modify your settings according to that, and then try?
CC: @prudhvigodithi
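An indentation fault of the kind that makes a YAML parser fail "while parsing a block mapping" can be caught before the security plugin bootstraps. The following is an added example, not part of the original issue or of the OpenSearch project: a standard-library Python check in which the function name `find_indent_errors` and the sample config are constructed for illustration, and which assumes plain `key: value` block mappings only (no lists or multi-line scalars).

```python
import re

# Constructed sample, not the reporter's file: exchange_key is indented
# deeper than roles_key, which already carries a scalar value.
BROKEN = """\
http_authenticator:
  type: saml
  challenge: true
  config:
    idp:
      metadata_url: https://idp.example/metadata
    sp:
      entity_id: opensearch-example
    roles_key: Roles
      exchange_key: "constructed-placeholder"
"""
FIXED = BROKEN.replace("      exchange_key", "    exchange_key")

KEY_LINE = re.compile(r"^( *)([^\s#][^:]*):(?:\s+(.*))?$")
NESTED = "key nested under a key that already has a value"

def find_indent_errors(text):
    """Return (line, column, message) tuples for block-mapping indent faults."""
    errors, stack, prev_scalar = [], [], False  # stack: indents of open mappings
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments carry no structure
        if "\t" in line[: len(line) - len(line.lstrip())]:
            errors.append((no, 1, "tab used for indentation"))
            continue
        m = KEY_LINE.match(line)
        if not m:
            continue  # not a plain key line: out of scope for this check
        indent = len(m.group(1))
        value = (m.group(3) or "").strip()
        if stack and indent > stack[-1]:
            if prev_scalar:  # deeper key, but the parent is not an open mapping
                errors.append((no, indent + 1, NESTED))
            stack.append(indent)
        else:
            while stack and stack[-1] > indent:
                stack.pop()  # close mappings that ended before this line
            if stack and stack[-1] != indent:
                errors.append((no, indent + 1, "dedent matches no open mapping"))
            if not stack or stack[-1] != indent:
                stack.append(indent)
        prev_scalar = bool(value) and not value.startswith("#")
    return errors
```

Running it over the mounted `config.yml` in CI or an init step reports the offending line and column in the same 1-based form the parser uses.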