Hello!
We have an Elasticsearch setup running in an on-prem data center as a Kubernetes application. I would like to configure a SAML realm for SSO login to the cluster and Kibana, but in order to authenticate to the Identity Provider (Azure AD in our case), we have to go through a proxy IP address that allows access to public URLs on the internet.
How can this proxy setup be added to the Elasticsearch configuration? The current configuration is the following, and we are using ES version 7.6.
elasticsearch.yml: |
  cluster.name: dev-observability
  network.host: "0.0.0.0"
  bootstrap.memory_lock: false
  discovery.zen.ping.unicast.hosts: es-cluster-discovery.dev-elastic-system.svc.cluster.local
  discovery.zen.minimum_master_nodes: 2
  cluster.initial_master_nodes: es-cluster-0, es-cluster-1, es-cluster-2
  xpack.security.enabled: true
  xpack.security.transport.ssl.enabled: true
  xpack.security.transport.ssl.verification_mode: certificate
  xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
  xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
  xpack.monitoring.enabled: true
  xpack.ml.enabled: false
  xpack.watcher.enabled: false
  xpack.license.self_generated.type: trial
  xpack.security.authc.token.enabled: true
  xpack.security.http.ssl.enabled: true
  xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/http.p12
  xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/http.p12
  xpack.security.authc.realms.saml.saml1:
    order: 1
    idp.metadata.path: /usr/share/elasticsearch/config/idp-metadata.xml
    idp.entity_id: https://sts.windows.net/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/
    sp.entity_id: SP-kibana-dev
    sp.acs: https://kibana-dev.xxxxxxxxxxx.net/api/security/v1/saml
    sp.logout: https://kibana-dev.xxxxxxxxxxx.net/logout
    attributes.principal: urn:oid:0.9.2342.19200300.100.1.1
    attributes.groups: urn:oid:1.3.6.1.4.1.5923.1.5.1.
  # xpack.security.authc.realms.basic.basic1:
  #   order: 0
  node:
    master: true
    data: true
    ingest: true
Thank you for your answers!