SSO-elastic

# Put secret on keystore
# xpack.security.authc.realms.oidc.MYCLIENTID.rp.client_secret: dd11dd11-dd11-dd11-dd11-dd11dd11dd11

xpack.security.authc.token.enabled: true

xpack:
  security:
    authc:
      realms:
        oidc:
          MYREALM: 
            order: 2
            rp.client_id: "MYCLIENTID"
            rp.response_type: "code"
            rp.redirect_uri: "https://MYELASTICDOMAIN:9243/api/security/v1/oidc"
            rp.signature_algorithm: "RS256"
            op.issuer: "https://MYSSOMAIN:8443/auth/realms/MYREALM"
            op.authorization_endpoint: "https://MYSSOMAIN:8443/auth/realms/MYREALM/protocol/openid-connect/auth"
            op.token_endpoint: "https://MYSSOMAIN:8443/auth/realms/MYREALM/protocol/openid-connect/token"
            op.userinfo_endpoint: "https://MYSSOMAIN:8443/auth/realms/MYREALM/protocol/openid-connect/userinfo"
            op.jwkset_path: "https://MYSSOMAIN:8443/auth/realms/MYREALM/protocol/openid-connect/certs"
            op.endsession_endpoint: "https://MYSSOMAIN:8443/auth/realms/MYREALM/protocol/openid-connect/logout"
            rp.post_logout_redirect_uri: "https://MYELASTICDOMAIN:9243/logged_out"
            ##### Put on keystore
            # rp.client_secret: dd11dd11-dd11-dd11-dd11-dd11dd11dd11
            #######################
            claims.principal: sub
            claims.groups: "http://example.info/claims/groups"