Kibana Azure AD SSO Authentication

Hello,

I am trying to set up Kibana authentication with Azure AD SSO and am getting this error. What could be the cause of that error?

My server has connection to login.microsoftonline.com and can fetch federation xml.

Elasticsearch version is 8.11

I followed the documentation and added the lines below to elasticsearch.yml. All setup at Azure is the same as in the documentation.

xpack.security.authc.realms.saml.kibana-realm:
  order: 2
  attributes.principal: nameid
  attributes.groups: "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
  idp.metadata.path: "https://login.microsoftonline.com/36de9075-00fd-4382-bce5-f43274a4881e/federationmetadata/2007-06/federationmetadata.xml?appid=c71909a2-2791-4271-88c2-0ad7e359823d"
  idp.entity_id: "https://sts.windows.net/36de9075-00fd-4382-bce5-f43274a4881e"
  sp.entity_id: "https://xxxxxxx"
  sp.acs: "https://xxxxxxx/api/security/saml/callback"
  sp.logout: "https://xxxxxxx/logout"

{"statusCode":500,"error":"Internal Server Error","message":"[security_exception\n\tRoot causes:\n\t\tsecurity_exception: Cannot get role descriptors [type/name={urn:oasis:names:tc:SAML:2.0:metadata}IDPSSODescriptor] because the metadata [location=https://login.microsoftonline.com/36de9075-00fd-4382-bce5-f43274a4881e/federationmetadata/2007-06/federationmetadata.xml?appid=c71909a2-2791-4271-88c2-0ad7e359823d] for SAML entity [id=https://sts.windows.net/36de9075-00fd-4382-bce5-f43274a4881e] could not be resolved]: Cannot get role descriptors [type/name={urn:oasis:names:tc:SAML:2.0:metadata}IDPSSODescriptor] because the metadata [location=https://login.microsoftonline.com/36de9075-00fd-4382-bce5-f43274a4881e/federationmetadata/2007-06/federationmetadata.xml?appid=c71909a2-2791-4271-88c2-0ad7e359823d] for SAML entity [id=https://sts.windows.net/36de9075-00fd-4382-bce5-f43274a4881e] could not be resolved"}
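
Added example, not part of the original post and not the poster's solution: the error above says no IDPSSODescriptor could be resolved for the configured entity ID, and one way to check that is to compare idp.entity_id as an exact string against the entityID values the metadata document declares. The metadata here is a constructed sample with a placeholder tenant ID, and the function names are illustrative.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample metadata (placeholder tenant ID), not fetched from Azure.
SAMPLE_METADATA = """<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def idp_entities(metadata_xml):
    """Return {entityID: has_IDPSSODescriptor} for every EntityDescriptor."""
    root = ET.fromstring(metadata_xml)
    found = {}
    # root.iter() includes the root itself, so this covers a single
    # EntityDescriptor as well as an EntitiesDescriptor wrapper.
    for ent in root.iter(f"{{{MD_NS}}}EntityDescriptor"):
        has_idp = ent.find(f"{{{MD_NS}}}IDPSSODescriptor") is not None
        found[ent.get("entityID", "")] = has_idp
    return found


def check_entity_id(metadata_xml, configured_id):
    """Compare the configured idp.entity_id to the metadata: (ok, message)."""
    entities = idp_entities(metadata_xml)
    if entities.get(configured_id):
        return True, "exact match with an IDPSSODescriptor"
    if configured_id in entities:
        return False, "entity found but it has no IDPSSODescriptor"
    # Report near-misses (trailing slash, letter case) so they are visible.
    norm = configured_id.rstrip("/").lower()
    near = [e for e in entities if e.rstrip("/").lower() == norm]
    if near:
        return False, f"no exact match; metadata declares {near[0]!r}"
    return False, f"not found; metadata declares {sorted(entities)}"


if __name__ == "__main__":
    configured = "https://sts.windows.net/00000000-0000-0000-0000-000000000000"
    print(check_entity_id(SAMPLE_METADATA, configured))
```

To run it against a real deployment, save the federation metadata XML to a file and pass its contents together with the idp.entity_id value from elasticsearch.yml.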

Solution was.
