Differences

This shows you the differences between two versions of the page.

--- wiki:opensearch_installation [2024/09/03 14:01] – [Creating Opensearch Dashboards users] add when will the sh script be deprecated antisa
+++ wiki:opensearch_installation [2025/03/05 14:59] (current) – [See also] antisa
@@ Line 99: / Line 99: @@
 in this example
-==== Creating Opensearch Dashboards users ====
-You can use UI and create new users then assign roles to this user in //Management>Security>Internal// users. If you are using Docker and the volume is deleted obviously this will not persist.
-Another way is to add the users directly in config file ///usr/share/opensearch/config/opensearch-security/internal_users.yml//:
-<code>
-user1:
-  hash: "$2y$12$g3/Gb1guZeeY3cDoJVNgvuVhQLx7OQyYkM3BdweWEQGOxYWYU55/C"
-  reserved: true
-  backend_roles:
-  - "reports_read_access"
-  description: "testing user"
-</code>
-If the Opensearch is already running and you add the above in config file you need to run the securityadmin.sh (which will be deprecated in the next major release https://github.com/opensearch-project/security/issues/1755)
-  cd /usr/share/opensearch/plugins/opensearch-security/tools/ && ./securityadmin.sh -cd ../../../config/opensearch-security/ -icl -nhnv -cacert ../../../config/root-ca.crt -cert ../../../config/admin.pem -key ../../../config/admin-key.pem
-Take care when running this because any users created through web UI will be destroyed (https://opensearch.org/docs/latest/security/configuration/security-admin/#a-word-of-caution) as the command will apply changes from the config files. Make a backup first with
-  cd /usr/share/opensearch/plugins/opensearch-security/tools/ && ./securityadmin.sh -backup my-backup -icl -nhnv -cacert ../../../config/root-ca.crt -cert ../../../config/admin.pem -key ../../../config/admin-key.pem
-then add the user to internal_users.yml file.
 ==== Troubleshooting ====
@@ Line 165: / Line 140: @@
   useExpandedHeader: false
 </code>
+=== Can't login and you get a json 401 response ===
+E.g.
+  {"statusCode":401,"error":"Unauthorized","message":"Authentication Exception"}
+This might happen if you are proxying connections to OS Dashboard for example, using nginx + auth_basic for authentication. It seems the username/passwd set for auth_basic gets passed to OS and that user/pwd most likely does not exist in the internal database.
+There might be a solution for this [[https://opensearch.org/docs/2.15/security/authentication-backends/proxy/|here]].
 ====== Tested on ======
@@ Line 171: / Line 155: @@
 ====== See also ======
   * [[wiki:logstash_setup|logstash setup]]
+  * [[wiki:creating_opensearch_dashboards_users|Creating Opensearch Dashboards users]]
+  * [[wiki:logstash_troubleshooting|logstash troubleshooting]]
 ====== References ======