Elastic Cloud does not apply kibana settings

leobaiano · May 28, 2019, 6:59pm

I am following the documentation of the link below to activate the login with SAML in kibana however I always receive a message saying that the changes could not be applied.

https://www.elastic.co/guide/en/cloud/current/ec-securing-clusters-SAML.html

The necessary changes in elasticsearch seem to be applied because it does not return any errors, but in kibana I can not. Has anyone ever experienced this? It does not have any details in the log, it says to try again and if the problem persists contact support.

Alex_Piggott · May 28, 2019, 8:11pm

Do any either the ES or the Kibana logs in the logging and metrics cluster have any information?

This is always an error in the SAML config which Kibana can't recover from I think

Alex

leobaiano · May 28, 2019, 8:31pm

I did not find where the kibana logs are and in elasticsearch I did not find anything relevant, just logs of success same.

Alex_Piggott · May 28, 2019, 8:52pm

Under the Kibana tab for a running deployment, there should be a link to the Kibana logs (under dashboard links maybe?)

If you want to post a sanitized version of the ES and Kibana config, we can definitely comment on whether the issue looks like similar SAML gotchas we've seen in the past

leobaiano · May 28, 2019, 9:15pm

At the moment the updates were successfully made in kibana, I did not make any changes I just tried several times.

It's redirecting correctly to the IdP inclusive, it looks fine, but it's weird having to have tried it several times.

Below is the code I'm using in ES and Kibana. Where has xxxxxx I replace here.

elasticsearch
xpack:
security:
authc:
realms:
cloud-saml:
type: saml
order: 2
attributes.principal: "nameid:persistent"
attributes.groups: "xxxxxxxx/groups"
idp.metadata.path: "xxxxxxfederationmetadata.xml?appid=xxxxxx"
idp.entity_id: "xxxxxxxx/"
sp.entity_id: "https://8b64c0c41ede48bc9e907a5279089109.us-east-1.aws.found.io:9243/"
sp.acs: "https://8b64c0c41ede48bc9e907a5279089109.us-east-1.aws.found.io:9243/api/security/v1/saml"
sp.logout: "https://8b64c0c41ede48bc9e907a5279089109.us-east-1.aws.found.io:9243/logout"

kibana
xpack.security.authProviders: [saml]
server.xsrf.whitelist: [/api/security/v1/saml]
xpack.security.public:
protocol: https
hostname: 8b64c0c41ede48bc9e907a5279089109.us-east-1.aws.found.io
port: 9243

system · June 11, 2019, 9:15pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.