Hello, I'm looking for some insight into configuring SAML SSO in a trial Elastic Cloud environment.
The deployment is on v8.6.1. Using Elasticsearch, Kibana, Enterprise Search.
The IdP provider is SAML 2.0.
I have been using the SAML documentation here as a reference.
Below is the configuration I am using for Kibana:
xpack:
  security:
    authc:
      realms:
        saml:
          order: 2
          attributes.principal: "nameid:persistent"
          idp.metadata.path: "idP_metadata_php_page"
          idp.entity_id: "ENT-ID"
          sp.entity_id: "AWS_Kibana_instance:9243"
          sp.acs: "AWS_Kibana_instance:9243/api/security/saml/callback"
          sp.logout: "AWS_Kibana_instance:9243/logout"
When trying to apply this to the deployment, it comes back with the following and I'm not sure if this is a syntax/config issue with the above or a limitation of being on a 'trial' deployment:
Your changes cannot be applied
Kibana - 'xpack.security.authc.realms.saml.sp.logout': is not allowed
Kibana - 'xpack.security.authc.realms.saml.sp.acs': is not allowed
Kibana - 'xpack.security.authc.realms.saml.sp.entity_id': is not allowed
Kibana - 'xpack.security.authc.realms.saml.idp.entity_id': is not allowed
Kibana - 'xpack.security.authc.realms.saml.idp.metadata.path': is not allowed
Kibana - 'xpack.security.authc.realms.saml.attributes.principal': is not allowed
Kibana - 'xpack.security.authc.realms.saml.order': is not allowed
I have also been going down some other documentation referring to SAML 2.0, but I'm unsure if one set of documentation is preferred over another in this scenario.
Any insight is appreciated.
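An added example, not part of the original post or of Elastic's own documentation: in 8.x the `xpack.security.authc.realms.saml.*` keys are Elasticsearch settings, while Kibana's settings only reference the realm by name through `xpack.security.authc.providers`, so the same values split across the two user-settings editors as sketched here. The realm name `cloud-saml` is an assumption chosen for illustration; every other value is the post's own placeholder.

```yaml
# --- Elasticsearch user settings (elasticsearch.yml overrides) ---
# The SAML realm lives here. Note the extra level for the realm name
# ("cloud-saml" is a hypothetical name) under the realm type "saml".
xpack:
  security:
    authc:
      realms:
        saml:
          cloud-saml:
            order: 2
            attributes.principal: "nameid:persistent"
            idp.metadata.path: "idP_metadata_php_page"
            idp.entity_id: "ENT-ID"
            sp.entity_id: "AWS_Kibana_instance:9243"
            sp.acs: "AWS_Kibana_instance:9243/api/security/saml/callback"
            sp.logout: "AWS_Kibana_instance:9243/logout"
---
# --- Kibana user settings (kibana.yml overrides) ---
# Kibana accepts no realm keys; it declares a SAML login provider and
# points it at the Elasticsearch realm by name.
xpack.security.authc.providers:
  saml.cloud-saml:
    order: 0
    realm: cloud-saml
```

The realm name in the Kibana `realm:` value has to match the name used under `realms.saml` on the Elasticsearch side.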