I am trying to set up SSO authentication with Azure AD.
elasticsearch.yml: |
  cluster.name: dev-observability
  network.host: "0.0.0.0"
  bootstrap.memory_lock: false
  discovery.zen.ping.unicast.hosts: es-cluster-discovery.dev-elastic-system.svc.cluster.local
  discovery.zen.minimum_master_nodes: 2
  cluster.initial_master_nodes: es-cluster-0, es-cluster-1, es-cluster-2
  xpack.security.enabled: true
  xpack.security.transport.ssl.enabled: true
  xpack.security.transport.ssl.verification_mode: certificate
  xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
  xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
  xpack.monitoring.enabled: true
  xpack.license.self_generated.type: basic
  xpack.ml.enabled: false
  xpack.watcher.enabled: false
  xpack.security.http.ssl.enabled: true
  xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/http.p12
  xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/http.p12
  xpack.security.authc.realms.saml.saml1:
    order: 2
    idp.metadata.path: /usr/share/elasticsearch/config/idp-metadata.xml
    idp.entity_id: xxx
    sp.entity_id: xxx
    sp.acs: xxx
    sp.logout: xxx
    attributes.principal: urn:oid:0.9.2342.19200300.100.1.1
    attributes.groups: urn:oid:1.3.6.1.4.1.5923.1.5.1.
  node:
    master: true
    data: true
    ingest: true
kibana.yml: |
  server.host: "0.0.0.0"
  elasticsearch.ssl.certificateAuthorities: /usr/share/kibana/elasticsearch-ca.pem
  xpack.security.authc.providers:
    saml.saml1:
      order: 0
      realm: saml1
And this is the error that I get from the Kibana logs:
{"type":"log","@timestamp":"2021-08-23T16:20:38Z","tags":["fatal","root"],"pid":7,"message":"{ Error: [config validation of [xpack.security].authc.providers]: expected value of type [array] but got [Object]\n at ObjectType.call (/usr/share/kibana/node_modules/@kbn/config-schema/target/out/types/type.js:59:19)\n at ObjectType.ConfigSchema.validate (/usr/share/kibana/x-pack/plugins/security/server/config.js:90:23)\n at ConfigService.validateAtPath (/usr/share/kibana/src/core/server/config/config_service.js:188:19)\n at MapSubscriber.getDistinctConfig.pipe.config [as project] (/usr/share/kibana/src/core/server/config/config_service.js:196:81)\n at MapSubscriber._next (/usr/share/kibana/node_modules/rxjs/internal/operators/map.js:49:35)\n at MapSubscriber.Subscriber.next (/usr/share/kibana/node_modules/rxjs/internal/Subscriber.js:66:18)\n at DistinctUntilChangedSubscriber._next (/usr/share/kibana/node_modules/rxjs/internal/operators/distinctUntilChanged.js:69:30)\n at DistinctUntilChangedSubscriber.Subscriber.next (/usr/share/kibana/node_modules/rxjs/internal/Subscriber.js:66:18)\n at MapSubscriber._next (/usr/share/kibana/node_modules/rxjs/internal/operators/map.js:55:26)\n at MapSubscriber.Subscriber.next (/usr/share/kibana/node_modules/rxjs/internal/Subscriber.js:66:18)\n at ReplaySubject._subscribe (/usr/share/kibana/node_modules/rxjs/internal/ReplaySubject.js:76:28)\n at ReplaySubject.Observable._trySubscribe (/usr/share/kibana/node_modules/rxjs/internal/Observable.js:44:25)\n at ReplaySubject.Subject._trySubscribe (/usr/share/kibana/node_modules/rxjs/internal/Subject.js:102:51)\n at ReplaySubject.Observable.subscribe (/usr/share/kibana/node_modules/rxjs/internal/Observable.js:30:22)\n at MapSubscriber.shareReplayOperation (/usr/share/kibana/node_modules/rxjs/internal/operators/shareReplay.js:44:32)\n at Observable.subscribe (/usr/share/kibana/node_modules/rxjs/internal/Observable.js:25:31)\n cause:\n { Error: expected value of type [array] but got [Object]\n at 
ArrayType.onError (/usr/share/kibana/node_modules/@kbn/config-schema/target/out/types/type.js:84:20)\n at type.Type.schema.error (/usr/share/kibana/node_modules/@kbn/config-schema/target/out/types/type.js:49:53)\n at finish (/usr/share/kibana/node_modules/joi/lib/types/any/index.js:529:50)\n at type._validate (/usr/share/kibana/node_modules/joi/lib/types/any/index.js:557:24)\n at type._base (/usr/share/kibana/node_modules/joi/lib/types/object/index.js:212:45)\n at type._validate (/usr/share/kibana/node_modules/joi/lib/types/any/index.js:614:37)\n at type._base (/usr/share/kibana/node_modules/joi/lib/types/object/index.js:212:45)\n at type._validate (/usr/share/kibana/node_modules/joi/lib/types/any/index.js:614:37)\n at type._validateWithOptions (/usr/share/kibana/node_modules/joi/lib/types/any/index.js:674:29)\n at module.exports.internals.Any.root.validate (/usr/share/kibana/node_modules/joi/lib/index.js:146:23)\n at ObjectType.call (/usr/share/kibana/node_modules/@kbn/config-schema/target/out/types/type.js:54:72)\n at ObjectType.ConfigSchema.validate (/usr/share/kibana/x-pack/plugins/security/server/config.js:90:23)\n at ConfigService.validateAtPath (/usr/share/kibana/src/core/server/config/config_service.js:188:19)\n at MapSubscriber.getDistinctConfig.pipe.config [as project] (/usr/share/kibana/src/core/server/config/config_service.js:196:81)\n at MapSubscriber._next (/usr/share/kibana/node_modules/rxjs/internal/operators/map.js:49:35)\n at MapSubscriber.Subscriber.next (/usr/share/kibana/node_modules/rxjs/internal/Subscriber.js:66:18) cause: undefined, path: [ 'authc', 'providers' ] } }"}
FATAL Error: [config validation of [xpack.security].authc.providers]: expected value of type [array] but got [Object]
ES and Kibana version is 7.6.1. Any ideas why this is the case? I've been following this guide: Configuring SAML single-sign-on on the Elastic Stack | Elasticsearch Guide [7.14] | Elastic
Note that if I remove the xpack.security.authc.realms.saml.saml1 attributes in elasticsearch.yml and the xpack.security.authc.providers attributes in kibana.yml, the setup works.
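
The validation error above says this Kibana expects a list under xpack.security.authc.providers. As an added example (not part of the original post and not copied from Elastic's guide), this kibana.yml fragment shows the list form that Kibana releases before 7.7 accept, next to the named-provider form that the 7.14 guide describes; the realm name saml1 is taken from the post.

```yaml
# Kibana 7.6.x and earlier: providers is a list of provider types,
# and the SAML realm is named in a separate setting.
xpack.security.authc.providers: [saml]
xpack.security.authc.saml.realm: saml1

# Kibana 7.7 and later (the form used in the 7.14 guide): providers is a
# map of type -> name -> settings. On 7.6.1 this fails config validation
# with "expected value of type [array] but got [Object]".
# xpack.security.authc.providers:
#   saml.saml1:
#     order: 0
#     realm: saml1
```

The value of xpack.security.authc.saml.realm has to match the realm name under xpack.security.authc.realms.saml in elasticsearch.yml; the remaining SAML settings for a 7.6 deployment are listed in the 7.6 edition of the guide rather than the 7.14 one.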