I have an AWS OpenSearch in a VPC network. I am using an Nginx reverse proxy to access OpenSearch Dashboard (Kibana). My current setup is working fine.
I tried to set up SAML Okta authentication but am getting the following error:
"statusCode":500,"error":"Internal Server Error","message":"Internal Error"
I am using the following configuration in Okta:
SSO URL: https://PROXY-URL/_plugin/kibana/_opendistro/_security/saml/acs
When attempting to access OpenSearch via the proxy URL, users are redirected to the Okta authentication page as expected. After entering the authentication code, the redirect URL points to
**https://PROXY-URL/_plugin/kibana/_opendistro/_security/saml/acs**
However, instead of successfully accessing OpenSearch Kibana, I am encountering an Internal Server Error with the following message:
"statusCode":500,"error":"Internal Server Error","message":"Internal Error"
My Nginx conf is the following:
```nginx
server {
    server_name my-proxy-domain.com;
    root /usr/share/nginx/html;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location /_plugin/kibana {
        proxy_pass https://OpenSearch-Domain-xxxxxxxxxx.xxxxxxxEndpoint.com/_plugin/kibana;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_buffering off;
        proxy_ssl_verify off;
    }

    location / {
        return 403;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/kxxxxxxxxxx.xxxxxxx..com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/kxxxxxxxxxx.xxxxxxx.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
```
I have set up SAML Okta auth with an Nginx proxy. I created an EC2 Windows instance within the same VPC and it worked perfectly fine.