Elastic Cloud SAML Logout loop


(James Hogbin) #1

I've set up my SAML authentication. Login works like a champ now, however the logout is stuck in a loop, as set out in theSAML Logout section

I'm testing Okta & OneLogin and both need the Logout to be signed.

How do you get Elastic cloud to do this?


(James Hogbin) #2


So on further exploration, Okta needs signatures, one login doesn't

So here is how I configured onelogin if anybody else is struggling:

Use the SAML Test Connector (Advanced) App

RelayState: [Blank]
Audience: https://[uuid].europe-west1.gcp.cloud.es.io:9243/
Recipient: https://[uuid].europe-west1.gcp.cloud.es.io:9243/api/security/v1/saml
ACS (Consumer) URL Validator: ^https:\/\/[uuid].europe-west1.gcp.cloud.es.io:9243\/api\/security\/v1\/saml*
ACS (Consumer) URL: https://[uuid].europe-west1.gcp.cloud.es.io:9243/api/security/v1/saml
Single logout URL: https://[uuid].europe-west1.gcp.cloud.es.io:9243/logout
Login URL: https://[uuid].europe-west1.gcp.cloud.es.io:9243/api/security/v1/saml
SAML Not valid before: 3
SAML not valid on or after: 3
SAML initiater: Service Provider
SAML nameID format: Persistent
SAML issuer type: Specific
SAML signature element: Response
Encrypt assertion : NOT checked

(Roy Zanbel) #3

@hogbinj thanks for letting us know!
We will further investigate and work towards fixing this issue.

(system) closed #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.