SSO failed after upgrading OpenSearch or Wazuh 4.9.0: failed parsing SAML config or 500 internal error


In the latest versions (Wazuh 4.9.0 and OpenSearch 2.10*), the format requirements for the SSO exchange_key have changed (see: exchange key settings): the key must now be 64 characters long.

This guide outlines three methods to generate the exchange key. If one method doesn’t resolve the issue, proceed to the next.

Apply the change to the /etc/wazuh-indexer/opensearch-security/config.yml file, and always make sure to update the security index afterwards:

export JAVA_HOME=/usr/share/wazuh-indexer/jdk/ && bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/opensearch-security/config.yml -icl -key /etc/wazuh-indexer/certs/admin-key.pem -cert /etc/wazuh-indexer/certs/admin.pem -cacert /etc/wazuh-indexer/certs/root-ca.pem -h 127.0.0.1 -nhnv
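
A pre-check to run before the securityadmin.sh command above, added here as an example and not part of the original post: it reads every exchange_key from a config file, reports whether each is exactly 64 characters, and prints a candidate replacement if not. The function names, the constructed sample config, and the choice of a hex string built from 32 random bytes are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post: pre-check for exchange_key length.

# Print a fresh 64-character key (32 random bytes, hex-encoded; an assumption).
gen_exchange_key() {
    head -c 32 /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# Report the length of every exchange_key value in the given file.
# Returns 1 if none is found or any value is not exactly 64 characters.
check_exchange_key() {
    awk -v sq="'" '
        /^[ \t]*exchange_key:/ {
            val = $0
            sub(/^[ \t]*exchange_key:[ \t]*/, "", val)
            sub(/[ \t]+#.*$/, "", val)     # drop a trailing YAML comment
            sub(/[ \t]+$/, "", val)
            c = substr(val, 1, 1)          # drop matching surrounding quotes
            if ((c == "\"" || c == sq) && substr(val, length(val)) == c)
                val = substr(val, 2, length(val) - 2)
            found++
            printf "line %d: exchange_key is %d characters\n", NR, length(val)
            if (length(val) != 64) bad++
        }
        END { if (found == 0 || bad > 0) exit 1 }
    ' "$1"
}

# Constructed sample (not a real config): a too-short key, as left over from
# an older setup. Point CONFIG at a copy of your own config.yml instead.
CONFIG=$(mktemp)
cat > "$CONFIG" <<'EOF'
authc:
  saml_auth_domain:
    http_authenticator:
      type: saml
      config:
        exchange_key: 'constructed-short-key'
EOF

if check_exchange_key "$CONFIG"; then
    echo "OK: exchange_key length is 64"
else
    echo "exchange_key must be 64 characters; candidate replacement:"
    gen_exchange_key; echo
fi
rm -f "$CONFIG"
```
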


2 responses to “SSO failed after upgrading OpenSearch or Wazuh 4.9.0: failed parsing SAML config or 500 internal error”

  1. Well done. Anyway, small typo to correct as I said in the YouTube video: change ‘-nhn’ to ‘-nhnv’ in the command.
