Elastic Cloud SAML Logout loop

security

(James Hogbin) #1

I've set up my SAML authentication. Login works like a champ now, however the logout is stuck in a loop, as set out in the SAML Logout section.

I'm testing Okta & OneLogin and both need the Logout to be signed.

How do you get Elastic Cloud to do this?

James


(James Hogbin) #2

OK.

So on further exploration, Okta needs signatures, OneLogin doesn't.

So here is how I configured OneLogin if anybody else is struggling:

Use the SAML Test Connector (Advanced) App

RelayState: [Blank]
Audience: https://[uuid].europe-west1.gcp.cloud.es.io:9243/
Recipient: https://[uuid].europe-west1.gcp.cloud.es.io:9243/api/security/v1/saml
ACS (Consumer) URL Validator: ^https:\/\/[uuid].europe-west1.gcp.cloud.es.io:9243\/api\/security\/v1\/saml*
ACS (Consumer) URL: https://[uuid].europe-west1.gcp.cloud.es.io:9243/api/security/v1/saml
Single logout URL: https://[uuid].europe-west1.gcp.cloud.es.io:9243/logout
Login URL: https://[uuid].europe-west1.gcp.cloud.es.io:9243/api/security/v1/saml
SAML Not valid before: 3
SAML not valid on or after: 3
SAML initiater: Service Provider
SAML nameID format: Persistent
SAML issuer type: Specific
SAML signature element: Response
Encrypt assertion: NOT checked
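
Added example, not part of the original post: the ACS URL validator above escapes only the slashes and ends in `saml*` with no `$`, so read as a regular expression it matches more than the single ACS URL. The Python sketch below builds a fully escaped, anchored pattern and compares the two; the deployment ID is a constructed placeholder, the function names are hypothetical, and modelling the IdP's check as an unanchored regex search is an assumption.

```python
import re

# Constructed placeholder for the deployment's ACS URL (not a real deployment).
ACS_URL = "https://0123abcd.europe-west1.gcp.cloud.es.io:9243/api/security/v1/saml"


def loose_validator(acs_url: str) -> str:
    """Pattern in the style of the post: slashes escaped, dots left bare,
    trailing '*' and no end anchor."""
    return "^" + acs_url.replace("/", r"\/") + "*"


def strict_validator(acs_url: str) -> str:
    """Escape every regex metacharacter and anchor both ends."""
    return "^" + re.escape(acs_url) + "$"


def accepts(pattern: str, url: str) -> bool:
    # Assumption: the validator is applied as an unanchored search,
    # so only the anchors written into the pattern constrain the match.
    return re.search(pattern, url) is not None


def compare(urls):
    """Return {url: (loose_result, strict_result)} for each candidate URL."""
    loose, strict = loose_validator(ACS_URL), strict_validator(ACS_URL)
    return {u: (accepts(loose, u), accepts(strict, u)) for u in urls}


# Constructed test inputs: the exact URL plus three near misses.
CANDIDATES = [
    ACS_URL,                               # the intended value
    ACS_URL + "/extra",                    # trailing path after "saml"
    ACS_URL[:-1],                          # ends in "sam": 'l*' allows zero l's
    ACS_URL.replace(".gcp.", "xgcpx", 1),  # bare '.' matches any character
]

if __name__ == "__main__":
    print("strict pattern:", strict_validator(ACS_URL))
    for url, (loose_ok, strict_ok) in compare(CANDIDATES).items():
        print(f"loose={loose_ok!s:5} strict={strict_ok!s:5} {url}")
```

Only the exact ACS URL passes the strict pattern, while all four candidates pass the loose one.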


(Roy Zanbel) #3

@hogbinj thanks for letting us know!
We will further investigate and work towards fixing this issue.