diff --git a/_security-plugin/configuration/openid-connect.md b/_security-plugin/configuration/openid-connect.md
index 4d3e2b8e..cdb8c3f9 100755
--- a/_security-plugin/configuration/openid-connect.md
+++ b/_security-plugin/configuration/openid-connect.md
@@ -252,7 +252,7 @@ Name | Description
 Activate OpenID Connect by adding the following to `opensearch_dashboards.yml`:
 ```
-plugins.security.auth.type: "openid"
+opensearch_security.auth.type: "openid"
 ```
@@ -274,29 +274,29 @@ OpenID Connect providers usually publish their configuration in JSON format unde
 Name | Description
 :--- | :---
-`plugins.security.openid.connect_url` | The URL where the IdP publishes the OpenID metadata. Required.
-`plugins.security.openid.client_id` | The ID of the OpenID Connect client configured in your IdP. Required.
-`plugins.security.openid.client_secret` | The client secret of the OpenID Connect client configured in your IdP. Required.
-`plugins.security.openid.scope` | The [scope of the identity token](https://auth0.com/docs/scopes/current) issued by the IdP. Optional. Default is `openid profile email address phone`.
-`plugins.security.openid.header` | HTTP header name of the JWT token. Optional. Default is `Authorization`.
-`plugins.security.openid.logout_url` | The logout URL of your IdP. Optional. Only necessary if your IdP does not publish the logout URL in its metadata.
-`plugins.security.openid.base_redirect_url` | The base of the redirect URL that will be sent to your IdP. Optional. Only necessary when OpenSearch Dashboards is behind a reverse proxy, in which case it should be different than `server.host` and `server.port` in `opensearch_dashboards.yml`.
+`opensearch_security.openid.connect_url` | The URL where the IdP publishes the OpenID metadata. Required.
+`opensearch_security.openid.client_id` | The ID of the OpenID Connect client configured in your IdP. Required.
+`opensearch_security.openid.client_secret` | The client secret of the OpenID Connect client configured in your IdP. Required.
+`opensearch_security.openid.scope` | The [scope of the identity token](https://auth0.com/docs/scopes/current) issued by the IdP. Optional. Default is `openid profile email address phone`.
+`opensearch_security.openid.header` | HTTP header name of the JWT token. Optional. Default is `Authorization`.
+`opensearch_security.openid.logout_url` | The logout URL of your IdP. Optional. Only necessary if your IdP does not publish the logout URL in its metadata.
+`opensearch_security.openid.base_redirect_url` | The base of the redirect URL that will be sent to your IdP. Optional. Only necessary when OpenSearch Dashboards is behind a reverse proxy, in which case it should be different than `server.host` and `server.port` in `opensearch_dashboards.yml`.
 ### Configuration example
 ```yml
 # Enable OpenID authentication
-plugins.security.auth.type: "openid"
+opensearch_security.auth.type: "openid"
 # The IdP metadata endpoint
-plugins.security.openid.connect_url: "http://keycloak.example.com:8080/auth/realms/master/.well-known/openid-configuration"
+opensearch_security.openid.connect_url: "http://keycloak.example.com:8080/auth/realms/master/.well-known/openid-configuration"
 # The ID of the OpenID Connect client in your IdP
-plugins.security.openid.client_id: "opensearch-dashboards-sso"
+opensearch_security.openid.client_id: "opensearch-dashboards-sso"
 # The client secret of the OpenID Connect client
-plugins.security.openid.client_secret: "a59c51f5-f052-4740-a3b0-e14ba355b520"
+opensearch_security.openid.client_secret: "a59c51f5-f052-4740-a3b0-e14ba355b520"
 # Use HTTPS instead of HTTP
 opensearch.url: "https://.com:"