iSharkFly-Docs
/
opensearch-docs-cn
mirror of https://github.com/iSharkFly-Docs/opensearch-docs-cn
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Changed `plugins` to `opensearch_security`

This commit is contained in:
Keith Chan 2021-08-13 11:12:23 -07:00 committed by GitHub
parent 0a497238c7
commit f7093ffd8f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
_security-plugin/configuration/openid-connect.md
View File

@ -252,7 +252,7 @@ Name | Description
Activate OpenID Connect by adding the following to `opensearch_dashboards.yml`:
```
plugins.security.auth.type: "openid"
opensearch_security.auth.type: "openid"
```
@ -274,29 +274,29 @@ OpenID Connect providers usually publish their configuration in JSON format unde
Name | Description
:--- | :---
`plugins.security.openid.connect_url` | The URL where the IdP publishes the OpenID metadata. Required.
`plugins.security.openid.client_id` | The ID of the OpenID Connect client configured in your IdP. Required.
`plugins.security.openid.client_secret` | The client secret of the OpenID Connect client configured in your IdP. Required.
`plugins.security.openid.scope` | The [scope of the identity token](https://auth0.com/docs/scopes/current) issued by the IdP. Optional. Default is `openid profile email address phone`.
`plugins.security.openid.header` | HTTP header name of the JWT token. Optional. Default is `Authorization`.
`plugins.security.openid.logout_url` | The logout URL of your IdP. Optional. Only necessary if your IdP does not publish the logout URL in its metadata.
`plugins.security.openid.base_redirect_url` | The base of the redirect URL that will be sent to your IdP. Optional. Only necessary when OpenSearch Dashboards is behind a reverse proxy, in which case it should be different than `server.host` and `server.port` in `opensearch_dashboards.yml`.
`opensearch_security.openid.connect_url` | The URL where the IdP publishes the OpenID metadata. Required.
`opensearch_security.openid.client_id` | The ID of the OpenID Connect client configured in your IdP. Required.
`opensearch_security.openid.client_secret` | The client secret of the OpenID Connect client configured in your IdP. Required.
`opensearch_security.openid.scope` | The [scope of the identity token](https://auth0.com/docs/scopes/current) issued by the IdP. Optional. Default is `openid profile email address phone`.
`opensearch_security.openid.header` | HTTP header name of the JWT token. Optional. Default is `Authorization`.
`opensearch_security.openid.logout_url` | The logout URL of your IdP. Optional. Only necessary if your IdP does not publish the logout URL in its metadata.
`opensearch_security.openid.base_redirect_url` | The base of the redirect URL that will be sent to your IdP. Optional. Only necessary when OpenSearch Dashboards is behind a reverse proxy, in which case it should be different than `server.host` and `server.port` in `opensearch_dashboards.yml`.
### Configuration example
```yml
# Enable OpenID authentication
plugins.security.auth.type: "openid"
opensearch_security.auth.type: "openid"
# The IdP metadata endpoint
plugins.security.openid.connect_url: "http://keycloak.example.com:8080/auth/realms/master/.well-known/openid-configuration"
opensearch_security.openid.connect_url: "http://keycloak.example.com:8080/auth/realms/master/.well-known/openid-configuration"
# The ID of the OpenID Connect client in your IdP
plugins.security.openid.client_id: "opensearch-dashboards-sso"
opensearch_security.openid.client_id: "opensearch-dashboards-sso"
# The client secret of the OpenID Connect client
plugins.security.openid.client_secret: "a59c51f5-f052-4740-a3b0-e14ba355b520"
opensearch_security.openid.client_secret: "a59c51f5-f052-4740-a3b0-e14ba355b520"
# Use HTTPS instead of HTTP
opensearch.url: "https://<hostname>.com:<http port>"