Kibana - Okta integration not working

I am getting the below error while try to integrate kibana with okta for SSO:

Jun 04 18:39:20 kibana-1 docker[31268]: org.elasticsearch.ElasticsearchSecurityException: Cannot find any matching realm for [SamlPrepareAuthenticationRequest{realmName=null, assertionConsumerServiceURL=https://a1.kibana.nonprod.com:443/api/security/v1/saml}]

I followed the steps mentioned in the post: Kibana SAML authentication issue and made sure that I have proper setting in my kibana.xml to match the acs url that I specify in the elasticsearch.yml.

snippet from kibana.xml:

public.protocol: https
public.hostname: a1.kibana.nonprod.com
public.port: 443

snippet from elasticsearch.yml

authc.realms.saml1:
type: saml
enabled: true
order: 2
idp.metadata.path: "/usr/share/elasticsearch/config/private/okta-nonprod.xml"
idp.entity_id: "http://www.okta.com/exk19gjjg09xxxxxxxx"
sp.entity_id:  "https://a1.kibana.nonprod.com"
sp.acs: "https://a1.kibana.nonprod.com:443/api/security/v1/saml"
sp.logout: "https://a1.kibana.nonprod.com/logout"
attributes.principal: "nameid:persistent"
attributes.groups: "groups"

What else could cause, this type of error?

What license are you running with?
Unfortunately you can get this exact error if your license does not allow for SAML (e.g. you are using a Gold license).
The error message has been changed to be more explicit in the 6.3 release.

Thanks TimV, we are using Gold licence for prod and non prod. Our dev cluster works fine, since it has trial license.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.