Kibana will not take SAML config changes in the User Settings Overrides

Ryan_Downey · October 2, 2019, 4:13pm

I have a deployment that will not take the SAML settings that I'm trying to implement. I have tried to implement the Kibana settings needed to allow SAML access and the changes fail every time. This is occurring on another deployment as well. Out of the three deployments that I've tried to implement SAML access to only one has taken the changes and allows SAML access.

There was a problem applying this configuration change
[rolling-upgrade]: [java.lang.IllegalStateException: The state did not become the desired one before [600000 milliseconds] elapsed. Last error was: [Instance is not running [instance-0000000016]. Please check allocator/docker logs.]]
 {
   "cluster_topology": [
     {
       "instance_configuration_id": "kibana",
       "size": {
         "resource": "memory",
         "value": 4096
       },
       "zone_count": 2
     }
   ],
   "kibana": {
     "system_settings": {
       "elasticsearch_password": "xxxxxx",
       "elasticsearch_url": "xxxxxx",
       "elasticsearch_username": "found-internal-kibana4-server"
     },
-    "user_settings_yaml": "# Note that the syntax for user settings can change between major versions.\n# You might need to update these user settings before performing a major version upgrade.\n#\n# Use OpenStreetMap for tiles:\n# tilemap:\n#   options.maxZoom: 18\n#   url: http://a.tile.openstreetmap.org/{z}/{x}/{y}.png\n#\n# To learn more, see the documentation.\n#xpack.security.authc.providers: [saml, basic]\n#xpack.security.authc.saml.realm: saml1\n#server.xsrf.whitelist: [/api/security/v1/saml]\n#xpack.security.authProviders: [saml, basic]\n#server.xsrf.whitelist: [/api/security/v1/saml]\n#xpack.security.public:\n#  protocol: https\n#  hostname: xxxxxx\n#  port: 9243\n#\nxpack.ilm.enabled: true\n#\n#xpack.security.authProviders: [saml, basic]\n#server.xsrf.whitelist: [/api/security/v1/saml]\n#xpack.security.public:\n#  protocol: https\n#  hostname: xxxxxx\n#  port: 9243",
+    "user_settings_yaml": "# Note that the syntax for user settings can change between major versions.\n# You might need to update these user settings before performing a major version upgrade.\n#\n# Use OpenStreetMap for tiles:\n# tilemap:\n#   options.maxZoom: 18\n#   url: http://a.tile.openstreetmap.org/{z}/{x}/{y}.png\n#\n# To learn more, see the documentation.\n#xpack.security.authc.providers: [saml, basic]\n#xpack.security.authc.saml.realm: saml1\n#server.xsrf.whitelist: [/api/security/v1/saml]\n#xpack.security.authProviders: [saml, basic]\n#server.xsrf.whitelist: [/api/security/v1/saml]\n#xpack.security.public:\n#  protocol: https\n#  hostname: xxxxxx\n#  port: 9243\n#\nxpack.ilm.enabled: true\n#\nxpack.security.authProviders: [saml, basic]\nserver.xsrf.whitelist: [/api/security/v1/saml]\nxpack.security.public:\n  protocol: https\n  hostname: xxxxxx\n  port: 9243",
     "version": "7.3.0"
   },
   "transient": {
     "strategy": {
       "rolling": {}
     }
   }
 }

Alex_Piggott · October 2, 2019, 4:29pm

Can you adding "logging.quiet: false" to the YAML and then you should get some useful logs explaining the error (note we recommend against leaving it on, since it's quite noisy and ends up filling up the disk causing Kibana to need reallocating)

system · October 16, 2019, 4:29pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.