Merge pull request #105 from opensearch-project/security-updates

Added required openid lines to TLS configuration yaml files
Keith Chan 2021-07-16 16:10:37 -07:00 committed by GitHub
commit 25421e60e0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 32 additions and 23 deletions


@ -148,6 +148,7 @@ Use the following parameters to enable TLS for connecting to your IdP:
```yml ```yml
config: config:
openid_connect_idp:
enable_ssl: <true|false> enable_ssl: <true|false>
verify_hostnames: <true|false> verify_hostnames: <true|false>
``` ```
@ -164,11 +165,15 @@ To validate the TLS certificate of your IdP, configure either the path to the Id
```yml ```yml
config: config:
pemtrustedcas_filepath: /path/to/trusted_cas.pem openid_connect_idp:
enable_ssl: true
pemtrustedcas_filepath: /full/path/to/trusted_cas.pem
``` ```
```yml ```yml
config: config:
openid_connect_idp:
enable_ssl: true
pemtrustedcas_content: |- pemtrustedcas_content: |-
MIID/jCCAuagAwIBAgIBATANBgkqhkiG9w0BAQUFADCBjzETMBEGCgmSJomT8ixk MIID/jCCAuagAwIBAgIBATANBgkqhkiG9w0BAQUFADCBjzETMBEGCgmSJomT8ixk
ARkWA2NvbTEXMBUGCgmSJomT8ixkARkWB2V4YW1wbGUxGTAXBgNVBAoMEEV4YW1w ARkWA2NvbTEXMBUGCgmSJomT8ixkARkWB2V4YW1wbGUxGTAXBgNVBAoMEEV4YW1w
@ -189,13 +194,17 @@ To use TLS client authentication, configure the PEM certificate and private key
```yml ```yml
config: config:
pemkey_filepath: /path/to/private.key.pem openid_connect_idp:
enable_ssl: true
pemkey_filepath: /full/path/to/private.key.pem
pemkey_password: private_key_password pemkey_password: private_key_password
pemcert_filepath: /path/to/certificate.pem pemcert_filepath: /full/path/to/certificate.pem
``` ```
```yml ```yml
config: config:
openid_connect_idp:
enable_ssl: true
pemkey_content: |- pemkey_content: |-
MIID2jCCAsKgAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBlTETMBEGCgmSJomT8ixk MIID2jCCAsKgAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBlTETMBEGCgmSJomT8ixk
ARkWA2NvbTEXMBUGCgmSJomT8ixkARkWB2V4YW1wbGUxGTAXBgNVBAoMEEV4YW1w ARkWA2NvbTEXMBUGCgmSJomT8ixkARkWB2V4YW1wbGUxGTAXBgNVBAoMEEV4YW1w