In the latest versions (Wazuh 4.9.0 & OpenSearch 2.10*), the format requirements for the SSO exchange_key have changed (see: exchange key settings): the key must now be 64 characters long.
This guide outlines three methods to generate the exchange key. If one method doesn’t resolve the issue, proceed to the next.
- Random Openssl:
  openssl rand -hex 32
  (Suggested here)
- Dgst Openssl:
  printf wazuhtest | openssl dgst -sha256
- Use a keccak-256 generator: https://hash.rfctools.com/keccak-256-hash-generator/
Apply the change to the /etc/wazuh-indexer/opensearch-security/config.yml file and always make sure to update the security index:
export JAVA_HOME=/usr/share/wazuh-indexer/jdk/ && bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/opensearch-security/config.yml -icl -key /etc/wazuh-indexer/certs/admin-key.pem -cert /etc/wazuh-indexer/certs/admin.pem -cacert /etc/wazuh-indexer/certs/root-ca.pem -h 127.0.0.1 -nhnv
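A pre-flight check for the steps above, as an added example that is not part of the original post: it strips the prefix that `openssl dgst` prints before the hash and confirms that the exchange_key in config.yml is exactly 64 characters before securityadmin.sh is run. The function names and the sample config fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for exchange_key.

# Reduce `openssl dgst` output to the bare hash. OpenSSL prints a prefix such as
# "(stdin)= " or "SHA2-256(stdin)= " that must not be pasted into the key.
digest_only() {
  awk '{ print $NF }'
}

# Print each exchange_key value in a config.yml, surrounding quotes removed.
extract_exchange_key() {
  sed -n -E "s/^[[:space:]]*exchange_key:[[:space:]]*//p" "$1" |
    sed -E "s/[[:space:]]+$//; s/^['\"]//; s/['\"]$//"
}

# Succeed only when the key is exactly 64 characters long.
check_exchange_key() {
  [ "${#1}" -eq 64 ]
}

# Return 0 if every exchange_key in the file is 64 characters, 1 if any is not,
# 2 if the file has no exchange_key at all.
validate_config() {
  keys=$(extract_exchange_key "$1")
  [ -n "$keys" ] || { echo "no exchange_key found in $1" >&2; return 2; }
  rc=0
  while IFS= read -r k; do
    if check_exchange_key "$k"; then
      echo "OK: exchange_key is 64 characters"
    else
      echo "FAIL: exchange_key is ${#k} characters, expected 64" >&2
      rc=1
    fi
  done <<EOF
$keys
EOF
  return "$rc"
}

# Constructed sample fragment (placeholder key, not a real secret).
sample_config() {
  cat <<'EOF'
config:
  exchange_key: '0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'
EOF
}

# Usage: sh check_exchange_key.sh /etc/wazuh-indexer/opensearch-security/config.yml
if [ "$#" -gt 0 ]; then validate_config "$1"; fi
```

With the dgst method, pipe the output through `digest_only` so that only the 64 hex characters reach config.yml.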
2 responses to “SSO failed after Upgrading Opensearch or Wazuh 4.9.0 : failed parsing SAML config Or 500 internal error”
Well done. Anyway, small typo to correct as I said in the YouTube video: change ‘-nhn’ to ‘-nhnv’ in the command.
Thanks Antonio 😀 corrected.