Hi Everyone,

This post aims to deliver clear and concise knowledge within the field. I hope someone finds the guide helpful.

Azure

Create a new tenant.

• Access the Microsoft Azure portal.

• Select Microsoft Entra ID > Manage tenants > + Create.

• Select a tenant type > Next: Configuration.

• Enter the information to create the tenant.

• Select Next: Review + Create.

Register an application.

• Click the menu ☰ icon > Microsoft Entra ID > App registration > + New registration.

• Enter the information to register the application > click register.

Create a secret

• Click on the registered application > certificates & secrets > + New client secret.

• Enter the information to create the secret > Add.

• Copy and save the value and ID of the secret.

Keycloak

Configure an Identity Provider

• Install Keycloak: https://artifacthub.io/packages/helm/bitnami/keycloak/

• Access the Keycloak console - username: admin | password: copy the secret of the release name.

• Click master > Create Realm.

• Enter a Real name > Create.

• Select the realm > Identity providers > Add provider > OpenID Connect v11.0.

• Enter an Alias name.

• Go to the Microsoft Azure portal > Microsoft Entra ID > App registration.

• Click on the registered application > Endpoints.

• Copy the URL of the OpenID Connect metadata document.

• Paste the URL under the OpenId Connect Settings > Discovery endpoint.

• Verify the endpoints > Show metadata.

• Under Client authentication select > Client secret sent as post.

• Go to the Microsoft Azure portal > Microsoft Entra ID > App registration.

• Copy the registered application (client) ID.

• Copy and paste the secret value in the Client Secret section > click Add.

• Copy the Redirect URI.

• Go to the Microsoft Azure portal > Microsoft Entra ID > App registration > Authentication.

• Select + Add a platform > Web.

• Paste the Redirect URI > click Configure.

Verify the configurations

• Go to Keycloak > Client > click the Home URL.

• On the Keycloak account management page click > signing in.

• Click on the configured identity provider button.

• Enter the login credentials on the Microsoft form > click submit.

OpenSearch

Authentication and Authorization

• Copy the configuration file from the path:

plugins/opensearch-security/securityconfig

• Add the OpenId authentication domain (authc) to the config.yml.

• Add the following settings to the dashboards.yml:
  

opensearch_security.auth.type:["openid"] 
opensearch_security.auth.multiple_auth_enabled:true
opensearch_security.openid.connect_url:  
opensearch_security.openid.client_id: 
opensearch_security.openid.client_secret: 
opensearch_security.openid.base_redirect_url: 

Note:
Add other settings to meet the requirements.