Single sign-on SSO for Amazon OpenSearch Service using SAML and Keycloak
Big Data Blog
This article provides a guide on how to configure single sign-on (SSO) for Amazon OpenSearch Service dashboards using the SAML protocol and Keycloak as the identity provider (IdP).
Specifically, the article covers:
- Solution overview and architecture for SAML authentication with OpenSearch Service and Keycloak
- Prerequisites for setting up the solution
- Enabling SAML authentication for OpenSearch Service
- Configuring Keycloak as the IdP, including creating realms, clients, roles, groups, and users
- Downloading SAML metadata from Keycloak and integrating it with OpenSearch Service
- Testing the SAML authentication with Keycloak users
- Conclusion and clean-up steps
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Apr 17
2025
2025
Amazon OpenSearch Service supports SAML single sign-on for OpenSearch UI
Jul 24
2024
2024
Configure SAML federation with Amazon OpenSearch Serverless and Keycloak
Feb 7
2024
2024
Build SAML identity federation for Amazon OpenSearch Service domains within a VPC
Jan 26
2026
2026
Access a VPC-hosted Amazon OpenSearch Service domain with SAML authentication using AWS Client VPN
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.