Thanks for your answer @ikakavas
I tried to follow this guide and have this configuration for a local testing environment with Keycloak working on http://localhost:8080
```yaml
xpack.security.authc.realms:
  saml.saml1:
    order: 2
    idp.metadata.path: saml/saml-elasticsearch-metadata.xml
    idp.entity_id: "http://localhost:8080"
    sp.entity_id: "https://localhost:5601"
    sp.acs: "https://localhost:5601/api/security/v1/saml"
    sp.logout: "https://localhost:5601/logout"
    attributes.principal: "nameid:persistent"
```
The generated saml-elasticsearch-metadata.xml file unfortunately does not contain an entity ID:
```xml
<?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://localhost:5601">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:5601/logout"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:5601api/security/v1/saml" index="1" isDefault="true"/>
    <md:AttributeConsumingService index="1" isDefault="true">
      <md:ServiceName xml:lang="en-US">elasticsearch</md:ServiceName>
      <md:RequestedAttribute FriendlyName="principal" Name="nameid:persistent" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
```
And Elasticsearch throws the following ElasticsearchSecurityException:
Cannot find metadata for entity [http://localhost:8080]
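
A diagnostic for the error above, added here as an example and not part of the original post or of Elasticsearch: the SAML realm looks for an entity matching `idp.entity_id` in the file at `idp.metadata.path`, so this script lists the `entityID` values and roles a metadata file declares and compares them with the configured value. The function names and the trimmed sample metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample: trimmed copy of the metadata file shown in the post.
SAMPLE_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://localhost:5601">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>"""


def describe_entities(metadata_xml):
    """Return {entityID: set of roles} for every EntityDescriptor in the file."""
    root = ET.fromstring(metadata_xml.encode("utf-8"))
    found = {}
    # iter() also visits the root, so a single EntityDescriptor and an
    # EntitiesDescriptor wrapper are both handled.
    for ent in root.iter(f"{{{MD}}}EntityDescriptor"):
        roles = set()
        if ent.find(f"{{{MD}}}IDPSSODescriptor") is not None:
            roles.add("idp")
        if ent.find(f"{{{MD}}}SPSSODescriptor") is not None:
            roles.add("sp")
        found[ent.get("entityID", "")] = roles
    return found


def check_idp_metadata(metadata_xml, idp_entity_id):
    """Return a list of problems; empty means the file describes that IdP."""
    entities = describe_entities(metadata_xml)
    if idp_entity_id not in entities:
        return [f"no EntityDescriptor with entityID {idp_entity_id!r}; "
                f"file declares {sorted(entities)}"]
    if "idp" not in entities[idp_entity_id]:
        return [f"{idp_entity_id!r} has no IDPSSODescriptor"]
    return []


if __name__ == "__main__":
    # Values taken from the realm configuration in the post.
    for problem in check_idp_metadata(SAMPLE_METADATA, "http://localhost:8080"):
        print(problem)
```

Run against the sample, it reports that the file declares only `https://localhost:5601`, and only with an SP role.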