Elastic Cloud and SAML Authentication Help

I've struggled to get information from the documentation and support (which isn't really their wheelhouse, but I thought I'd try anyway). The particular piece I'm having trouble getting is the SAML Service Provider metadata from a cloud-based instance, to be used by my custom-written IDP.

I'm still new to SAML, though I've built a solution with OAuth2 (I know they're different)... so I don't think I'm clueless. I've been following the guide "Secure your clusters with SAML", which is written for the cloud (based on the URL). It talks a lot about using IDP metadata URLs, and even gives guidance on preparing a zipped bundle, but nothing about getting the SP metadata.

I've come across the page "Generating SP metadata", which, based on the title, would be perfect; however, it looks like it only applies to on-prem deployments.

The last thing I'll mention here is that I came across an Okta -> Elastic SAML guide (not an elastic resource), but I don't think I was able to extract the right information from it.

I've been stuck on this for about a month (not constant head-banging, but coming back every few days hoping the break helps) and have had no luck. Any advice?

Hi there Adam!

Unfortunately there is currently no way to get the service provider metadata generated in cloud. We offer a CLI utility to generate the SP metadata, but there is unfortunately no way to invoke this in cloud.

The only workaround I can suggest for you currently is to

  • download elasticsearch locally: https://www.elastic.co/downloads/elasticsearch
  • copy the SAML realm configuration from your cloud instance to the elasticsearch.yml in your local instance. You won't need anything else in terms of configuration or setup.
  • run the elasticsearch-saml-metadata utility locally and get the generated metadata file to share with your IDP.

Hope this helps
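For readers who want to see what the workaround above actually produces, here is an added example (not part of this thread and not Elastic's elasticsearch-saml-metadata tool) that reads the flat dotted keys of a SAML realm block copied from elasticsearch.yml and hand-builds the minimal SAML 2.0 SP metadata an IdP needs: the entityID, the AssertionConsumerService, the SingleLogoutService and the NameID format. The realm name `cloud-saml`, the `example.com` URLs and the setting names `sp.entity_id`, `sp.acs`, `sp.logout` and `nameid_format` are my assumptions about the realm layout, not values from the thread; the sample YAML is constructed. It also refuses a non-https ACS or logout URL, since publishing a plaintext ACS tells the IdP to POST signed assertions over an unencrypted channel. If your realm signs AuthnRequests you would additionally have to publish the signing certificate in a KeyDescriptor, which this example does not cover.

```python
"""Build minimal SAML 2.0 SP metadata from an Elasticsearch SAML realm config.

Added example; it is not Elastic's elasticsearch-saml-metadata utility.
Realm name, URLs and the YAML block below are constructed sample values.
"""
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
BINDING_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
BINDING_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
DEFAULT_NAMEID = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

# Constructed sample of a flat-key realm block as it might be copied
# from a cloud deployment into a local elasticsearch.yml.
SAMPLE_YML = """
xpack.security.authc.realms.saml.cloud-saml.order: 2
xpack.security.authc.realms.saml.cloud-saml.idp.metadata.path: https://idp.example.com/metadata.xml
xpack.security.authc.realms.saml.cloud-saml.idp.entity_id: https://idp.example.com/
xpack.security.authc.realms.saml.cloud-saml.sp.entity_id: https://kibana.example.com/
xpack.security.authc.realms.saml.cloud-saml.sp.acs: https://kibana.example.com/api/security/saml/callback
xpack.security.authc.realms.saml.cloud-saml.sp.logout: https://kibana.example.com/logout
xpack.security.authc.realms.saml.cloud-saml.attributes.principal: nameid
"""


def parse_realm(yml_text, realm_name):
    """Return the settings under one SAML realm, keyed relative to the realm prefix.

    Only the flat "dotted.key: value" form is handled; nested YAML is not.
    """
    prefix = f"xpack.security.authc.realms.saml.{realm_name}."
    settings = {}
    for raw in yml_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")  # first colon ends the key; URLs keep theirs
        key = key.strip()
        if key.startswith(prefix):
            settings[key[len(prefix):]] = value.strip().strip("\"'")
    return settings


def build_sp_metadata(settings):
    """Emit an SP EntityDescriptor; rejects plaintext endpoints before they reach the IdP."""
    for required in ("sp.entity_id", "sp.acs"):
        if required not in settings:
            raise ValueError(f"realm config is missing {required}")
    for url_key in ("sp.acs", "sp.logout"):
        if url_key in settings and not settings[url_key].startswith("https://"):
            raise ValueError(f"{url_key} must be an https URL, got {settings[url_key]}")

    ET.register_namespace("md", MD_NS)
    entity = ET.Element(f"{{{MD_NS}}}EntityDescriptor", entityID=settings["sp.entity_id"])
    sp = ET.SubElement(
        entity, f"{{{MD_NS}}}SPSSODescriptor",
        AuthnRequestsSigned="false", WantAssertionsSigned="true",
        protocolSupportEnumeration=SAML2_PROTOCOL,
    )
    # Child order follows the SAML metadata schema: SLO, NameIDFormat, then ACS.
    if "sp.logout" in settings:
        ET.SubElement(sp, f"{{{MD_NS}}}SingleLogoutService",
                      Binding=BINDING_REDIRECT, Location=settings["sp.logout"])
    nameid = ET.SubElement(sp, f"{{{MD_NS}}}NameIDFormat")
    nameid.text = settings.get("nameid_format", DEFAULT_NAMEID)
    ET.SubElement(sp, f"{{{MD_NS}}}AssertionConsumerService",
                  Binding=BINDING_POST, Location=settings["sp.acs"],
                  index="1", isDefault="true")
    return ET.tostring(entity, encoding="unicode")


if __name__ == "__main__":
    print(build_sp_metadata(parse_realm(SAMPLE_YML, "cloud-saml")))
```

Compare the output against what the local elasticsearch-saml-metadata run gives you; the endpoints and entityID should match exactly, because an IdP will reject assertions for an ACS that differs from the one in the metadata it trusts.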
