Replace _opendistro route to _plugins

.github/workflows/cypress-test-multiauth-e2e.yml

@@ -83,7 +83,7 @@ jobs:
           opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
           opensearch_security.readonly_mode.roles: ["kibana_read_only"]
           opensearch_security.cookie.secure: false
-          server.xsrf.allowlist: ["/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/acs/idpinitiated", "/_opendistro/_security/saml/logout"]
+          server.xsrf.allowlist: ["/_plugins/_security/saml/acs", "/_plugins/_security/saml/acs/idpinitiated", "/_plugins/_security/saml/logout"]
           opensearch_security.auth.type: ["basicauth","saml"]
           opensearch_security.auth.multiple_auth_enabled: true
           opensearch_security.auth.anonymous_auth_enabled: false

.github/workflows/cypress-test-saml-e2e.yml

@@ -83,7 +83,7 @@ jobs:
           opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
           opensearch_security.readonly_mode.roles: ["kibana_read_only"]
           opensearch_security.cookie.secure: false
-          server.xsrf.allowlist: ["/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/acs/idpinitiated", "/_opendistro/_security/saml/logout"]
+          server.xsrf.allowlist: ["/_plugins/_security/saml/acs", "/_plugins/_security/saml/acs/idpinitiated", "/_plugins/_security/saml/logout"]
           opensearch_security.auth.type: ["saml"]
           opensearch_security.auth.multiple_auth_enabled: true
           opensearch_security.auth.anonymous_auth_enabled: false

server/auth/types/saml/routes.ts

@@ -101,7 +101,7 @@ export class SamlAuthRoutes {
 
     this.router.post(
       {
-        path: `/_opendistro/_security/saml/acs`,
+        path: `/_plugins/_security/saml/acs`,
         validate: {
           body: schema.any(),
         },
@@ -200,7 +200,7 @@ export class SamlAuthRoutes {
 
     this.router.post(
       {
-        path: `/_opendistro/_security/saml/acs/idpinitiated`,
+        path: `/_plugins/_security/saml/acs/idpinitiated`,
         validate: {
           body: schema.any(),
         },
@@ -209,7 +209,7 @@ export class SamlAuthRoutes {
         },
       },
       async (context, request, response) => {
-        const acsEndpoint = `${this.coreSetup.http.basePath.serverBasePath}/_opendistro/_security/saml/acs/idpinitiated`;
+        const acsEndpoint = `${this.coreSetup.http.basePath.serverBasePath}/_plugins/_security/saml/acs/idpinitiated`;
         try {
           const credentials = await this.securityClient.authToken({
             requestId: undefined,
@@ -328,7 +328,7 @@ export class SamlAuthRoutes {
       }
     );
 
-    //  Once the User is authenticated via the '_opendistro/_security/saml/acs' route,
+    //  Once the User is authenticated via the '_plugins/_security/saml/acs' route,
     //  the browser will be redirected to '/auth/saml/redirectUrlFragment' route,
     //  which will execute the redirectUrlFragment.js.
     this.coreSetup.http.resources.register(

test/jest_integration/runIdpServer.js

@@ -31,7 +31,7 @@ const argv = minimist(process.argv.slice(2), {
 
 // Create certificate pair on the fly and pass it to runServer
 runServer({
-  acsUrl: `http://localhost:5601${argv.basePath}/_opendistro/_security/saml/acs`,
+  acsUrl: `http://localhost:5601${argv.basePath}/_plugins/_security/saml/acs`,
   audience: 'https://localhost:9200',
   cert: pems.cert,
   key: pems.private.toString().replace(/\r\n/, '\n'),