Hello, I'm looking for some insight with configuring SAML SSO in a trial Elastic Cloud environment.
The deployment is on v8.6.1. Using Elasticsearch, Kibana, Enterprise Search.
The IdP provider is SAML 2.0.
I have been using the SAML documentation here as a reference.
Below is the configuration I am using for Kibana:
xpack:
  security:
    authc:
      realms:
        saml:
          order: 2
          attributes.principal: "nameid:persistent"
          idp.metadata.path: "idP_metadata_php_page"
          idp.entity_id: "ENT-ID"
          sp.entity_id: "AWS_Kibana_instance:9243"
          sp.acs: "AWS_Kibana_instance:9243/api/security/saml/callback"
          sp.logout: "AWS_Kibana_instance:9243/logout"
When trying to apply this to the deployment, it comes back with the following and I'm not sure if this is a syntax/config issue with the above or a limitation of being on a 'trial' deployment:
Your changes cannot be applied
Kibana - 'xpack.security.authc.realms.saml.sp.logout': is not allowed
Kibana - 'xpack.security.authc.realms.saml.sp.acs': is not allowed
Kibana - 'xpack.security.authc.realms.saml.sp.entity_id': is not allowed
Kibana - 'xpack.security.authc.realms.saml.idp.entity_id': is not allowed
Kibana - 'xpack.security.authc.realms.saml.idp.metadata.path': is not allowed
Kibana - 'xpack.security.authc.realms.saml.attributes.principal': is not allowed
Kibana - 'xpack.security.authc.realms.saml.order': is not allowed
I have also been going down some other documentation referring to SAML 2.0, but I am unsure if one set of documentation is preferred over another in this scenario.
Any insight is appreciated.