Hi Everyone,
This post aims to deliver clear and concise knowledge within the field. I hope someone finds the guide helpful.
Azure
Create a new tenant.
Access the Microsoft Azure portal.
Select Microsoft Entra ID > Manage tenants > + Create.
Select a tenant type > Next: Configuration.
Enter the information to create the tenant.
Select Next: Review + Create.
Register an application.
Click the menu โฐ icon > Microsoft Entra ID > App registration > + New registration.
Enter the information to register the application > click register.
Create a secret
Click on the registered application > certificates & secrets > + New client secret.
Enter the information to create the secret > Add.
Copy and save the value and ID of the secret.
Keycloak
Configure an Identity Provider
Install Keycloak: https://artifacthub.io/packages/helm/bitnami/keycloak/
Access the Keycloak console - username: admin | password: copy the secret of the release name.
Click master > Create Realm.
Enter a Real name > Create.
Select the realm > Identity providers > Add provider > OpenID Connect v11.0.
Enter an Alias name.
Go to the Microsoft Azure portal > Microsoft Entra ID > App registration.
Click on the registered application > Endpoints.
Copy the URL of the OpenID Connect metadata document.
Paste the URL under the OpenId Connect Settings > Discovery endpoint.
Verify the endpoints > Show metadata.
Under Client authentication select > Client secret sent as post.
Go to the Microsoft Azure portal > Microsoft Entra ID > App registration.
Copy the registered application (client) ID.
Copy and paste the secret value in the Client Secret section > click Add.
Copy the Redirect URI.
Go to the Microsoft Azure portal > Microsoft Entra ID > App registration > Authentication.
Select + Add a platform > Web.
Paste the Redirect URI > click Configure.
Verify the configurations
Go to Keycloak > Client > click the Home URL.
On the Keycloak account management page click > signing in.
Click on the configured identity provider button.
Enter the login credentials on the Microsoft form > click submit.
OpenSearch
Authentication and Authorization
- Copy the configuration file from the path:
plugins/opensearch-security/securityconfig
Add the OpenId authentication domain (authc) to the config.yml.
Add the following settings to the dashboards.yml:
opensearch_security.auth.type:["openid"]
opensearch_security.auth.multiple_auth_enabled:true
opensearch_security.openid.connect_url:
opensearch_security.openid.client_id:
opensearch_security.openid.client_secret:
opensearch_security.openid.base_redirect_url:
Note:
Add other settings to meet the requirements.
Top comments (0)