I've set up my SAML authentication. Login works like a champ now, however the logout is stuck in a loop, as set out in theSAML Logout section
I'm testing Okta & OneLogin and both need the Logout to be signed.
How do you get Elastic cloud to do this?
James
OK.
So on further exploration, Okta needs signatures, one login doesn't
So here is how I configured onelogin if anybody else is struggling:
Use the SAML Test Connector (Advanced) App
RelayState: [Blank]
Audience: https://[uuid].europe-west1.gcp.cloud.es.io:9243/
Recipient: https://[uuid].europe-west1.gcp.cloud.es.io:9243/api/security/v1/saml
ACS (Consumer) URL Validator: ^https:\/\/[uuid].europe-west1.gcp.cloud.es.io:9243\/api\/security\/v1\/saml*
ACS (Consumer) URL: https://[uuid].europe-west1.gcp.cloud.es.io:9243/api/security/v1/saml
Single logout URL: https://[uuid].europe-west1.gcp.cloud.es.io:9243/logout
Login URL: https://[uuid].europe-west1.gcp.cloud.es.io:9243/api/security/v1/saml
SAML Not valid before: 3
SAML not valid on or after: 3
SAML initiater: Service Provider
SAML nameID format: Persistent
SAML issuer type: Specific
SAML signature element: Response
Encrypt assertion : NOT checked
@hogbinj thanks for letting us know!
We will further investigate and work towards fixing this issue.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.