Use case:
Set up Keycloak (Version 26.0.5) for Authentication using the OpenID protocol in Wazuh (Version 4.9.1).
Keycloak Configuration:
- Create a new OpenID Connect client, set the Valid redirect URIs and Valid post logout redirect URIs to your Wazuh dashboard, and add a token mapper as shown below:
- Create a realm role called Admin and assign the admin role:
- Create a group and add Admin under Role mapping:
- Create a user and add it to the group:
Wazuh indexer configuration:
- Configure the Wazuh indexer to use OpenID Connect by modifying /etc/wazuh-indexer/opensearch-security/config.yml (my realm name is WazuhOpenID):
_meta:
  type: "config"
  config_version: 2
config:
  dynamic:
    authc:
      basic_internal_auth_domain:
        http_enabled: true
        transport_enabled: true
        order: 0
        http_authenticator:
          type: basic
          challenge: false
        authentication_backend:
          type: intern
      openid_auth_domain:
        http_enabled: true
        transport_enabled: true
        order: 1
        http_authenticator:
          type: openid
          challenge: false
          config:
            openid_connect_idp:
              enable_ssl: false
              verify_hostnames: false
            subject_key: preferred_username
            roles_key: roles
            openid_connect_url: http://192.168.121.1:8080/realms/WazuhOpenID/.well-known/openid-configuration
        authentication_backend:
          type: noop
- Load the new security configuration:
export JAVA_HOME=/usr/share/wazuh-indexer/jdk/ && bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/opensearch-security/config.yml -icl -key /etc/wazuh-indexer/certs/admin-key.pem -cert /etc/wazuh-indexer/certs/admin.pem -cacert /etc/wazuh-indexer/certs/root-ca.pem -h 192.168.121.97 -nhnv
Wazuh Dashboard configuration:
- Set the OpenID authentication configuration by adding the following to /etc/wazuh-dashboard/opensearch_dashboards.yml:
opensearch_security.auth.multiple_auth_enabled: true
opensearch_security.auth.type: ["basicauth","openid"]
opensearch_security.openid.connect_url: http://192.168.121.1:8080/realms/WazuhOpenID/.well-known/openid-configuration
opensearch_security.openid.base_redirect_url: https://192.168.121.97
opensearch_security.openid.client_id: wazuh-OpenID
- Restart the Wazuh dashboard:
systemctl restart wazuh-dashboard
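As an added check that is not part of the original post: a small script that flags the weak transport settings in the openid section above (plain http discovery URL, enable_ssl and verify_hostnames set to false) and confirms that a Keycloak access token actually carries the claims that subject_key and roles_key point at. Keycloak nests realm roles under realm_access by default, which is why the token mapper step is needed to expose a top-level roles claim. IDP_CONFIG is a hand-copied dict of the values from config.yml, and the tokens are constructed test input, not real Keycloak output.

```python
import base64
import json
from urllib.parse import urlparse

# Constructed copy of the openid http_authenticator settings from config.yml above.
IDP_CONFIG = {
    "enable_ssl": False,
    "verify_hostnames": False,
    "subject_key": "preferred_username",
    "roles_key": "roles",
    "openid_connect_url": "http://192.168.121.1:8080/realms/WazuhOpenID/.well-known/openid-configuration",
}

def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwt_claims(token: str) -> dict:
    """Return the payload claims of a JWT WITHOUT verifying the signature.
    Only for inspecting what the IdP put in the token; the indexer does the real verification."""
    _header, payload, _signature = token.split(".")
    return json.loads(b64url_decode(payload))

def check_idp_config(cfg: dict) -> list:
    """Flag settings that weaken trust in the discovery document and JWKS fetched from the IdP."""
    findings = []
    if urlparse(cfg["openid_connect_url"]).scheme != "https":
        findings.append("openid_connect_url is not https; discovery document and JWKS can be altered in transit")
    if not cfg.get("enable_ssl"):
        findings.append("enable_ssl is false; no TLS trust material is configured for the IdP connection")
    if not cfg.get("verify_hostnames"):
        findings.append("verify_hostnames is false; the IdP certificate hostname is not checked")
    return findings

def check_token_claims(cfg: dict, token: str) -> list:
    """Confirm the token carries the claims named by subject_key and roles_key as top-level keys."""
    claims = jwt_claims(token)
    findings = []
    if cfg["subject_key"] not in claims:
        findings.append("missing subject claim '%s'" % cfg["subject_key"])
    roles = claims.get(cfg["roles_key"])
    if not isinstance(roles, list) or not roles:
        findings.append("roles claim '%s' missing or empty; check the Keycloak token mapper" % cfg["roles_key"])
    return findings

def make_test_token(claims: dict) -> str:
    """Build a JWT-shaped string for constructed test input only; the signature part is a placeholder."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return "%s.%s.placeholder" % (enc({"alg": "RS256", "typ": "JWT"}), enc(claims))
```

Paste a real access token from the Keycloak client into check_token_claims to see whether the mapper produced the claims the indexer expects before loading the configuration with securityadmin.sh.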