Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Change /_plugins/_security/.. routes to /_opendistro/_security/... fo… #877

Merged
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions _security-plugin/configuration/saml.md
Original file line number Diff line number Diff line change
Expand Up @@ -305,25 +305,25 @@ opensearch_security.auth.type: "saml"
In addition, you must add the OpenSearch Dashboards endpoint for validating the SAML assertions to your allow list:

```yml
server.xsrf.allowlist: ["/_plugins/_security/saml/acs"]
server.xsrf.allowlist: ["/_opendistro/_security/saml/acs"]
```

If you use the logout POST binding, you also need to ad the logout endpoint to your allow list:

```yml
server.xsrf.allowlist: ["/_plugins/_security/saml/acs", "/_plugins/_security/saml/logout"]
server.xsrf.allowlist: ["/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/logout"]
```

### IdP-initiated SSO

To use IdP-initiated SSO, set the Assertion Consumer Service endpoint of your IdP to this:

```
/_plugins/_security/saml/acs/idpinitiated
/_opendistro/_security/saml/acs/idpinitiated
```

Then add this endpoint to `server.xsrf.allowlist` in `opensearch_dashboards.yml`:

```yml
server.xsrf.allowlist: ["/_plugins/_security/saml/acs/idpinitiated", "/_plugins/_security/saml/acs", "/_plugins/_security/saml/logout"]
server.xsrf.allowlist: ["/_opendistro/_security/saml/acs/idpinitiated", "/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/logout"]
```