Briefly, this error occurs when there are multiple OpenID Connect realms configured with the same issuer in Elasticsearch. This can cause authentication issues as Elasticsearch cannot determine the correct realm to use. To resolve this, you should ensure that each OpenID Connect realm has a unique issuer. You can do this by checking your Elasticsearch configuration files and updating the issuer for each realm. Alternatively, if multiple realms are not needed, you can remove the extra realms from your configuration.
This guide will help you check for common problems that cause the log ” Found multiple OpenID Connect realm with issuer [{}] ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin.
Log Context
Log “Found multiple OpenID Connect realm with issuer [{}]” class name is TransportOpenIdConnectPrepareAuthenticationAction.java. We extracted the following from Elasticsearch source code for those seeking an in-depth context :
new ElasticsearchSecurityException("Cannot find OpenID Connect realm with issuer [{}]"; request.getIssuer()) ); return; } else if (matchingRealms.size() > 1) { listener.onFailure( new ElasticsearchSecurityException("Found multiple OpenID Connect realm with issuer [{}]"; request.getIssuer()) ); return; } else { realm = matchingRealms.get(0); }