CLI: Configuring OpenSearch to use OTDS for auth

A customer had a requirement to use Opensearch / Cog in an environment where the only auth available was OTDS that is using an Enterprise Directory Sync to push user accounts to it from AD. The OTDS system does not have access to the AD servers. This document documents how this was configured as a demo system.

📘 Pre-requisites

1. Most systems will not allow OAuth to occur over a insecure connection. TLS should be configured for OTDS, OpenSearch and OpenSearch Dashboards

2. OTDS system

3. OpenSearch

4. OpenSearch Dashboards

📘 Configuration

This How-To article comes in 3 phases: 

1. (25.x) Configure OTDS to act as an OAuth system

2. (25.x) Configure OpenSearch to use OTDS OAuth

3. (25.x) Configure OpenSearch Dashboards to use OTDS OAuth