If you are upgrading from Wazuh v4.8.2 or earlier to v4.9.0 or later, the value of the exchange_key in the /etc/wazuh-indexer/opensearch-security/config.yml file may need to be updated.
In previous versions (v4.8.0 and earlier), the exchange_key was set by copying the X.509 Certificate blob, excluding the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.
Starting with v4.9.0, the exchange_key must be a 64-character random alphanumeric string.
Description
We want to help our users deal with upgrade problems derived from our old documentation on how to set up SSO in wazuh-dashboard.
We need to create a new section in the Upgrade -> Troubleshooting guide in our documentation.
I propose to add the following section:
SSO when upgrading from Wazuh v4.8.2 and earlier
If you are upgrading from Wazuh v4.8.2 or earlier to v4.9.0 or later, the value of the
exchange_key
in the/etc/wazuh-indexer/opensearch-security/config.yml
file may need to be updated.In previous versions (v4.8.0 and earlier), the
exchange_key
was set by copying the X.509 Certificate blob, excluding the-----BEGIN CERTIFICATE-----
and-----END CERTIFICATE-----
lines.Starting with v4.9.0, the
exchange_key
must be a 64-character random alphanumeric string.Please review the relevant documentation, as our SSO guides have been updated. Particularly the first step of the wazuh-indexer configuration. (Okta, Microsoft Entra ID, PingOne, Google, Jumpcloud, OneLogin, Keycloack)
Additionaly, modify the documentation of the okta integration removing the following content: