DEV Community

Anika Harju
Anika Harju

Posted on

Azure + Keycloak + OpenSearch

#devops #azure #keycloak #opensearch

Hi Everyone,

This post aims to deliver clear and concise knowledge within the field. I hope someone finds the guide helpful.

Azure

Create a new tenant.

  • Access the Microsoft Azure portal.

  • Select Microsoft Entra ID > Manage tenants > + Create.

  • Select a tenant type > Next: Configuration.

  • Enter the information to create the tenant.

  • Select Next: Review + Create.

Register an application.

  • Click the menu ☰ icon > Microsoft Entra ID > App registration > + New registration.

  • Enter the information to register the application > click register.

Create a secret

  • Click on the registered application > certificates & secrets > + New client secret.

  • Enter the information to create the secret > Add.

  • Copy and save the value and ID of the secret.

Keycloak

Configure an Identity Provider

  • Install Keycloak: https://artifacthub.io/packages/helm/bitnami/keycloak/

  • Access the Keycloak console - username: admin | password: copy the secret of the release name.

  • Click master > Create Realm.

  • Enter a Real name > Create.

  • Select the realm > Identity providers > Add provider > OpenID Connect v11.0.

  • Enter an Alias name.

  • Go to the Microsoft Azure portal > Microsoft Entra ID > App registration.

  • Click on the registered application > Endpoints.

  • Copy the URL of the OpenID Connect metadata document.

  • Paste the URL under the OpenId Connect Settings > Discovery endpoint.

  • Verify the endpoints > Show metadata.

  • Under Client authentication select > Client secret sent as post.

  • Go to the Microsoft Azure portal > Microsoft Entra ID > App registration.

  • Copy the registered application (client) ID.

  • Copy and paste the secret value in the Client Secret section > click Add.

  • Copy the Redirect URI.

  • Go to the Microsoft Azure portal > Microsoft Entra ID > App registration > Authentication.

  • Select + Add a platform > Web.

  • Paste the Redirect URI > click Configure.

Verify the configurations

  • Go to Keycloak > Client > click the Home URL.

  • On the Keycloak account management page click > signing in.

  • Click on the configured identity provider button.

  • Enter the login credentials on the Microsoft form > click submit.

OpenSearch

Authentication and Authorization

  • Copy the configuration file from the path: 
plugins/opensearch-security/securityconfig
Enter fullscreen mode Exit fullscreen mode

  • Add the OpenId authentication domain (authc) to the config.yml.

  • Add the following settings to the dashboards.yml:

opensearch_security.auth.type:["openid"] 
opensearch_security.auth.multiple_auth_enabled:true
opensearch_security.openid.connect_url:  
opensearch_security.openid.client_id: 
opensearch_security.openid.client_secret: 
opensearch_security.openid.base_redirect_url:
Enter fullscreen mode Exit fullscreen mode

Note:
Add other settings to meet the requirements.

Top comments (0)