From 9378b78a0c7a516ca1893d71d8564d1d374e9bd1 Mon Sep 17 00:00:00 2001 From: "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Date: Fri, 9 Dec 2022 12:00:51 -0600 Subject: [PATCH] Revert SAML troubleshooting page to _opendistro route to match existing route (#2160) (#2162) Signed-off-by: Craig Perkins Signed-off-by: Craig Perkins (cherry picked from commit 0dc659cfd5fea768e7f0ab46315a003f05a6d642) Co-authored-by: Craig Perkins --- _troubleshoot/saml.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/_troubleshoot/saml.md b/_troubleshoot/saml.md index 103604a86c..cb9815f9a9 100644 --- a/_troubleshoot/saml.md +++ b/_troubleshoot/saml.md @@ -42,7 +42,7 @@ After a successful login, your IdP sends a SAML response using HTTP POST to Open The endpoint the OpenSearch Dashboards security plugin provides is: ``` -/_plugins/_security/saml/acs +/_opendistro/_security/saml/acs ``` Make sure that you have configured this endpoint correctly in your IdP. Some IdPs also require you to add all endpoints to the allow list that they send requests to. Ensure that the ACS endpoint is listed. @@ -50,7 +50,7 @@ Make sure that you have configured this endpoint correctly in your IdP. Some IdP OpenSearch Dashboards also requires you to add this endpoint to the allow list. Make sure you have the following entry in `opensearch_dashboards.yml`: ``` -server.xsrf.allowlist: [/_plugins/_security/saml/acs] +server.xsrf.allowlist: [/_opendistro/_security/saml/acs] ``` @@ -94,7 +94,7 @@ This setting prints the SAML response to the OpenSearch log file so that you can Another way of inspecting the SAML response is to monitor network traffic while logging in to OpenSearch Dashboards. The IdP uses HTTP POST requests to send Base64-encoded SAML responses to: ``` -/_plugins/_security/saml/acs +/_opendistro/_security/saml/acs ``` Inspect the payload of this POST request, and use a tool like [base64decode.org](https://www.base64decode.org/) to decode it.