Hi All,
Below is my SAML configuration for Elasticsearch and Kibana, but I am getting this warning:

```
[WARN ][o.e.x.s.a.AuthenticationService] [SA145] Authentication to realm saml1 failed - Provided SAML response is not valid for realm saml/saml1 (Caused by ElasticsearchSecurityException[SAML content is in-response-to _8ca119eb20c3a44e54c0edba4538500bf62b3879 but expected one of [] ])
```

On debugging in IE, I get the error below in the response body:

```json
{"statusCode":401,"error":"Unauthorized","message":"[security_exception] unable to authenticate user [<unauthenticated-saml-user>] for action [cluster:admin/xpack/security/saml/authenticate], with { header={ WWW-Authenticate={ 0=\"Bearer realm=\\\"security\\\"\" & 1=\"ApiKey\" & 2=\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\" } } }"}
```

I need help identifying where the issue actually lies: in the ELK configuration or in the Azure configuration.

Below is my complete configuration:
**1. Node A - Elasticsearch Config**

```yaml
cluster.name: sap
node.name: SAP145
node.master: true
node.data: true
network.host: 10.11.12.145
http.port: 5081
discovery.seed_hosts: ["10.11.12.145"]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: certs/elastic-certificates.p12
xpack.security.authc.accept_default_password: false
xpack.security.authc.token.enabled: true
xpack.security.authc.realms.saml.saml1:
  order: 0
  idp.metadata.path: saml/idp-metadata.xml
  idp.entity_id: "https://sts.windows.net/40d9d3d6-53ad-415c-aee8-72de90a76ab0/"
  sp.entity_id: "https://10.12.12.111:5080/"
  sp.acs: "https://10.12.12.111:5080/api/security/v1/saml"
  attributes.principal: "http://schemas.microsoft.com/identity/claims/emailaddress"
```
**2. Node B - Elasticsearch Config**

```yaml
cluster.name: sap
node.name: SA146
node.master: true
node.data: true
network.host: 10.11.12.146
http.port: 5081
discovery.seed_hosts: ["10.11.12.145","10.11.12.146"]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: certs/elastic-certificates.p12
xpack.security.authc.accept_default_password: false
xpack.security.authc.token.enabled: true
xpack.security.authc.realms.saml.saml1:
  order: 2
  idp.metadata.path: saml/idp-metadata.xml
  idp.entity_id: "https://sts.windows.net/40d9d3d6-53ad-415c-aee8-72de90a76ab0/"
  sp.entity_id: "https://10.12.12.111:5080/"
  sp.acs: "https://10.12.12.111:5080/api/security/v1/saml"
  attributes.principal: "http://schemas.microsoft.com/identity/claims/emailaddress"
```
**3. Kibana Config**

```yaml
server.port: 5080
server.host: "10.12.12.111"
elasticsearch.hosts: ["https://10.11.12.145:5081"]
server.ssl.enabled: true
server.ssl.certificate: /elk_7.4.1/kibana-7.4.0-linux-x86_64/config/certs/kibana-server.crt
server.ssl.key: /elk_7.4.1/kibana-7.4.0-linux-x86_64/config/certs/kibana-server.key
elasticsearch.ssl.certificateAuthorities: "/elk_7.4.1/kibana-7.4.0-linux-x86_64/config/certs/elasticsearch-ca.pem"
elasticsearch.ssl.verificationMode: full
elasticsearch.username: "elastic"
elasticsearch.password: "elastic"
xpack.reporting.capture.browser.chromium.disableSandbox: true
csp.warnLegacyBrowsers: false
xpack.security.authc.providers: [saml,basic]
xpack.security.authc.saml.realm: saml1
xpack.security.sessionTimeout: 10000
server.xsrf.whitelist: [/api/security/v1/saml]
```
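The warning in the post is the service-provider side of SAML's InResponseTo check: a Response is only accepted if its `InResponseTo` names an AuthnRequest ID the SP itself issued and still holds, and `expected one of []` is what that check reports when the SP has no outstanding request IDs to compare against. The following is an added illustration of that check, not the poster's configuration or Elastic's code; the minimal unsigned Response and the `_deadbeef` request ID are constructed.

```python
import base64
from typing import List, Optional
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed, minimal <samlp:Response> (no assertion, no signature) for illustration only.
# The InResponseTo value is a made-up request ID; the Destination is the ACS from the post.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{SAMLP_NS}"
    ID="_resp1" Version="2.0" IssueInstant="2019-11-01T00:00:00Z"
    Destination="https://10.12.12.111:5080/api/security/v1/saml"
    InResponseTo="_deadbeef"/>"""


def encode_response(xml_text: str) -> str:
    """Base64-encode a Response the way it travels in the SAMLResponse form field."""
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")


def in_response_to(saml_response_b64: str) -> Optional[str]:
    """Return the InResponseTo attribute of a base64-encoded <samlp:Response>, or None if absent."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != f"{{{SAMLP_NS}}}Response":
        raise ValueError("not a samlp:Response element")
    return root.get("InResponseTo")


def check_in_response_to(saml_response_b64: str, expected_ids: List[str]) -> str:
    """Replay/correlation check an SP performs before trusting a Response.

    expected_ids are the AuthnRequest IDs this SP issued and still remembers for
    the user's browser session. Returns "ok", "unsolicited" (no InResponseTo at
    all, i.e. an IdP-initiated response that needs a separate policy decision),
    or a rejection message worded like the warning in the post.
    """
    got = in_response_to(saml_response_b64)
    expected = set(expected_ids)
    if got is None:
        return "unsolicited"
    if got in expected:
        return "ok"
    return f"in-response-to {got} but expected one of {sorted(expected)}"


if __name__ == "__main__":
    resp = encode_response(SAMPLE_RESPONSE)
    print(check_in_response_to(resp, []))             # SP has no stored request IDs: rejected
    print(check_in_response_to(resp, ["_deadbeef"]))  # ID matches a stored request: ok
```

Running it with an empty expected list reproduces the shape of the rejection seen in the log, which is why the SP's record of outstanding request IDs (not the IdP) is the first thing to verify when this message appears.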