From 7ff7b16c7d2fedb55ad475c454f7cbb4d0b07808 Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Thu, 8 Dec 2022 20:13:36 -0500 Subject: [PATCH] Revert SAML troubleshooting page to _opendistro route to match existing route (#2160) Signed-off-by: Craig Perkins Signed-off-by: Craig Perkins (cherry picked from commit 0dc659cfd5fea768e7f0ab46315a003f05a6d642) --- _troubleshoot/saml.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/_troubleshoot/saml.md b/_troubleshoot/saml.md index 103604a86c..cb9815f9a9 100644 --- a/_troubleshoot/saml.md +++ b/_troubleshoot/saml.md @@ -42,7 +42,7 @@ After a successful login, your IdP sends a SAML response using HTTP POST to Open The endpoint the OpenSearch Dashboards security plugin provides is: ``` -/_plugins/_security/saml/acs +/_opendistro/_security/saml/acs ``` Make sure that you have configured this endpoint correctly in your IdP. Some IdPs also require you to add all endpoints to the allow list that they send requests to. Ensure that the ACS endpoint is listed. @@ -50,7 +50,7 @@ Make sure that you have configured this endpoint correctly in your IdP. Some IdP OpenSearch Dashboards also requires you to add this endpoint to the allow list. Make sure you have the following entry in `opensearch_dashboards.yml`: ``` -server.xsrf.allowlist: [/_plugins/_security/saml/acs] +server.xsrf.allowlist: [/_opendistro/_security/saml/acs] ``` @@ -94,7 +94,7 @@ This setting prints the SAML response to the OpenSearch log file so that you can Another way of inspecting the SAML response is to monitor network traffic while logging in to OpenSearch Dashboards. The IdP uses HTTP POST requests to send Base64-encoded SAML responses to: ``` -/_plugins/_security/saml/acs +/_opendistro/_security/saml/acs ``` Inspect the payload of this POST request, and use a tool like [base64decode.org](https://www.base64decode.org/) to decode it.