From d0de7229eb57bae4fbecc9e5fe133ac11a1008d3 Mon Sep 17 00:00:00 2001
From: Craig Perkins <cwperx@amazon.com>
Date: Wed, 10 Aug 2022 15:36:22 -0400
Subject: [PATCH] Change /_plugins/_security/.. routes to
 /_opendistro/_security/... for SAML until plugins route is supported

Signed-off-by: Craig Perkins <cwperx@amazon.com>
---
 _security-plugin/configuration/saml.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/_security-plugin/configuration/saml.md b/_security-plugin/configuration/saml.md
index 904d3998ee..fb27033a48 100755
--- a/_security-plugin/configuration/saml.md
+++ b/_security-plugin/configuration/saml.md
@@ -305,13 +305,13 @@ opensearch_security.auth.type: "saml"
 In addition, you must add the OpenSearch Dashboards endpoint for validating the SAML assertions to your allow list:
 
 ```yml
-server.xsrf.allowlist: ["/_plugins/_security/saml/acs"]
+server.xsrf.allowlist: ["/_opendistro/_security/saml/acs"]
 ```
 
 If you use the logout POST binding, you also need to ad the logout endpoint to your allow list:
 
 ```yml
-server.xsrf.allowlist: ["/_plugins/_security/saml/acs", "/_plugins/_security/saml/logout"]
+server.xsrf.allowlist: ["/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/logout"]
 ```
 
 ### IdP-initiated SSO
@@ -319,11 +319,11 @@ server.xsrf.allowlist: ["/_plugins/_security/saml/acs", "/_plugins/_security/sam
 To use IdP-initiated SSO, set the Assertion Consumer Service endpoint of your IdP to this:
 
 ```
-/_plugins/_security/saml/acs/idpinitiated
+/_opendistro/_security/saml/acs/idpinitiated
 ```
 
 Then add this endpoint to `server.xsrf.allowlist` in `opensearch_dashboards.yml`:
 
 ```yml
-server.xsrf.allowlist: ["/_plugins/_security/saml/acs/idpinitiated", "/_plugins/_security/saml/acs", "/_plugins/_security/saml/logout"]
+server.xsrf.allowlist: ["/_opendistro/_security/saml/acs/idpinitiated", "/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/logout"]
 ```