Kibana - Okta integration not working

ravirajaram · June 4, 2018, 6:59pm

I am getting the below error while try to integrate kibana with okta for SSO:

Jun 04 18:39:20 kibana-1 docker[31268]: org.elasticsearch.ElasticsearchSecurityException: Cannot find any matching realm for [SamlPrepareAuthenticationRequest{realmName=null, assertionConsumerServiceURL=https://a1.kibana.nonprod.com:443/api/security/v1/saml}]

I followed the steps mentioned in the post: Kibana SAML authentication issue and made sure that I have proper setting in my kibana.xml to match the acs url that I specify in the elasticsearch.yml.

snippet from kibana.xml:

public.protocol: https
public.hostname: a1.kibana.nonprod.com
public.port: 443

snippet from elasticsearch.yml

authc.realms.saml1:
type: saml
enabled: true
order: 2
idp.metadata.path: "/usr/share/elasticsearch/config/private/okta-nonprod.xml"
idp.entity_id: "http://www.okta.com/exk19gjjg09xxxxxxxx"
sp.entity_id:  "https://a1.kibana.nonprod.com"
sp.acs: "https://a1.kibana.nonprod.com:443/api/security/v1/saml"
sp.logout: "https://a1.kibana.nonprod.com/logout"
attributes.principal: "nameid:persistent"
attributes.groups: "groups"

What else could cause, this type of error?

TimV · June 5, 2018, 1:49am

What license are you running with?
Unfortunately you can get this exact error if your license does not allow for SAML (e.g. you are using a Gold license).
The error message has been changed to be more explicit in the 6.3 release.

ravirajaram · June 5, 2018, 4:34pm

Thanks TimV, we are using Gold licence for prod and non prod. Our dev cluster works fine, since it has trial license.

system · July 3, 2018, 4:41pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.