Kibana with SAML: Redirect URL for non-authenticated users

Hello everyone,
I just activated SAML on Kibana with SSL on all components on a test environment, everything is fine.
I connected this Kibana with the Google SP.
And it works fine!
I just have a question. My users are used to connecting to Kibana with a URL like http://myurl/kibana/app/kibana (on the actual Kibana in production, without SAML).
But right now, with my Kibana on a test environment (with SAML), if I'm logged in to Google but I don't use the Google App button that redirects me to the Google SP (and then to Kibana) and I use the URL https://myurl/kibana/app/kibana, I get an error like:
{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred"}

If I'm logged in to Google, use the Kibana button in the Google app, close the Kibana tab, then go to https://myurl/kibana/app/kibana, everything is fine. I'm authenticated.

My question is: Is there any way that, if a user doesn't use the Google app of my Kibana and goes directly to https://myurl/kibana/app/kibana (even if he's authenticated on Google), he's automatically redirected to the Google SP, and then to the Kibana app with its functional SAML account?

I hope it's clear enough. I searched a lot to see if a topic was already open about that, but I didn't find anything.
Thanks for your help!

You should definitely not be getting an internal server error. Can you please provide the Kibana logs during that time?

If you attempt to access Kibana and you are un-authenticated, you should be redirected to the provider. Seeing as you're hitting an exception, I think something might not be configured correctly.

Thanks a lot for your help, much appreciated.

Here's my elasticsearch.log when I try to log in without being already logged in:

https://pastebin.com/F3zXtYXw

(Couldn't paste it directly here because too many characters)

Here's my elasticsearch.yml:

path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 10.1.50.17
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /etc/elasticsearch/10.1.50.17/10.1.50.17.key
xpack.security.transport.ssl.certificate: /etc/elasticsearch/10.1.50.17/10.1.50.17.crt
xpack.security.transport.ssl.certificate_authorities: [ "/etc/elasticsearch/ca/ca.crt" ]
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /etc/elasticsearch/10.1.50.17/10.1.50.17.key
xpack.security.http.ssl.certificate: /etc/elasticsearch/10.1.50.17/10.1.50.17.crt
xpack.security.http.ssl.certificate_authorities: [ "/etc/elasticsearch/ca/ca.crt" ]
xpack.security.authc.token.enabled: true
xpack.security.authc.realms.saml1:
  type: saml
  order: 2
  idp.metadata.path: /etc/elasticsearch/mymetadatafile.xml
  idp.entity_id: "https://accounts.google.com/o/saml2?idpid="
  sp.entity_id: "https://myurl/kibana"
  sp.acs: " https://myurl/kibana/api/security/v1/saml"
  sp.logout: "https://myurl/kibana/logout"
  attributes.principal: "nameid:persistent"
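
Added example, not part of the thread and not Elastic's code: SAML entity IDs and endpoint URLs are matched as exact strings, so a lint over the realm's URL-valued settings is a quick check to run before reading stack traces. The sample is the realm block as posted above; the helper names and the https-only rule for `sp.acs` and `sp.logout` are assumptions of this example, and whether the empty `idpid=` was redacted for the post is not known from the thread.

```python
from urllib.parse import urlsplit, parse_qsl

ENTITY_KEYS = ("idp.entity_id", "sp.entity_id")  # matched as exact strings
ENDPOINT_KEYS = ("sp.acs", "sp.logout")          # assumed https-only (TLS setup)

# Realm settings as posted in the thread (values unchanged).
POSTED_REALM = '''
type: saml
order: 2
idp.metadata.path: /etc/elasticsearch/mymetadatafile.xml
idp.entity_id: "https://accounts.google.com/o/saml2?idpid="
sp.entity_id: "https://myurl/kibana"
sp.acs: " https://myurl/kibana/api/security/v1/saml"
sp.logout: "https://myurl/kibana/logout"
attributes.principal: "nameid:persistent"
'''

def parse_flat(text):
    """Parse flat 'key: value' lines, keeping whitespace inside quotes."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep or key.startswith("#"):
            continue
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]  # drop the quotes only, not inner spaces
        settings[key.strip()] = value
    return settings

def lint(settings):
    """Return (key, problem) pairs for the URL-valued realm settings."""
    findings = []
    for key in ENTITY_KEYS + ENDPOINT_KEYS:
        value = settings.get(key)
        if value is None:
            findings.append((key, "missing"))
            continue
        if value != value.strip():
            findings.append((key, "leading or trailing whitespace"))
        url = urlsplit(value.strip())
        if key in ENDPOINT_KEYS and (url.scheme != "https" or not url.netloc):
            findings.append((key, "not an absolute https URL"))
        blank = [k for k, v in parse_qsl(url.query, keep_blank_values=True) if not v]
        if blank:
            findings.append((key, "empty query parameter: " + ", ".join(blank)))
    return findings

if __name__ == "__main__":
    for key, problem in lint(parse_flat(POSTED_REALM)):
        print(f"{key}: {problem}")
```
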
