Login Selector for Kibana when multiple authentication providers are enabled

[Whizzzer]

I'm trying to create a setup with local users (basicauth) and Oauth against Azure AD (openid). The configuration is working, yet when configuring/accessing the Kibana web interface it seems it is a "either one or the other" approach. Is that correct, or am I missing something?

It seems that with xpack this is possible by setting the value xpack.security.authc.selector.enabled: true according to this issue.

Is there a similar option within the opendistro_security plugin? Or will this option be available in the near future, or do you suggest another approach?

[pjcon]

I see that it's been a while, did you find a solution?

I don't have the answer so I wanted to express my lack of success here. Maybe running multiple opensearch instances?

[nateynateynate]

@Whizzzer - thanks so much for bringing this up at our community meeting today. I recall you mentioning needing some guidance on how to get ready to contribute and how you can best get started. I wanted to point you towards https://github.com/opensearch-project/.github/blob/main/CONTRIBUTING.md and https://github.com/opensearch-project/security/blob/main/MAINTAINERS.md. Those will at least help you get in contact with people who can help you get familiar with the namespacing and best practices, etm.

[Whizzzer]

@nateynateynate - Well, "bringing it up today" is perhaps not really accurate, but I get your point.. ;-)

But to come back to @pjcon (I haven't monitored this thread last 12 months): I ended up with using Keycloak as a central authentication system in which I can do whatever and however I want.. One or more Azure AD's combined with accounts otherwise kept local and so on. And the selection is done in Keycloak.

So I'm safe for now.. ;-)

[davidlago]

It seems like this is now fixed as of 2.4.0, but please re-open with more details if that is not the case.