Hello,
I'm trying to integrate ELK with Keycloak and I've encountered some problems. I'm not an expert on the ELK side, so I did some configuration in the Kibana/Elasticsearch YML files:
Elasticsearch.yml
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.authc.token.enabled: true
xpack.security.authc.realms:
  saml.saml1:
    order: 2
    idp.metadata.path: saml-elasticsearch-metadata.xml
    idp.entity_id: "http://192.168.XXX.XX1:8080/auth/realms/grafana/protocol/saml"
    sp.entity_id: "http://192.168.XXX.XX2:5601/"
    sp.acs: "http://192.168.XXX.XX:56012/api/security/v1/saml"
    sp.logout: "http://192.168.XXX.XX2:5601/logout"
    attributes.principal: "nameid:persistent"
kibana.yml
xpack.security.authc.providers: [saml]
xpack.security.authc.saml.realm: saml1
server.xsrf.whitelist: [/api/security/v1/saml]
xpack.security.enabled: true
Log error Elasticsearch:
Nov 08 09:30:25 localhost.localdomain systemd[1]: Starting Elasticsearch...
Nov 08 09:30:29 localhost.localdomain systemd-entrypoint[9048]: WARNING: A terminally deprecated method in java.lang.System has been called
Nov 08 09:30:29 localhost.localdomain systemd-entrypoint[9048]: WARNING: System::setSecurityManager has been called by org.elasticsearch.bootstrap.Elasticsearch (file:/usr/share/elasticsearch/lib/elasticsearch-
Nov 08 09:30:29 localhost.localdomain systemd-entrypoint[9048]: WARNING: Please consider reporting this to the maintainers of org.elasticsearch.bootstrap.Elasticsearch
Nov 08 09:30:29 localhost.localdomain systemd-entrypoint[9048]: WARNING: System::setSecurityManager will be removed in a future release
Nov 08 09:30:31 localhost.localdomain systemd-entrypoint[9048]: WARNING: A terminally deprecated method in java.lang.System has been called
Nov 08 09:30:31 localhost.localdomain systemd-entrypoint[9048]: WARNING: System::setSecurityManager has been called by org.elasticsearch.bootstrap.Security (file:/usr/share/elasticsearch/lib/elasticsearch-7.15.
Nov 08 09:30:31 localhost.localdomain systemd-entrypoint[9048]: WARNING: Please consider reporting this to the maintainers of org.elasticsearch.bootstrap.Security
Nov 08 09:30:31 localhost.localdomain systemd-entrypoint[9048]: WARNING: System::setSecurityManager will be removed in a future release
Nov 08 09:30:45 localhost.localdomain systemd-entrypoint[9048]: uncaught exception in thread [main]
Nov 08 09:30:45 localhost.localdomain systemd-entrypoint[9048]: java.lang.IllegalStateException: security initialization failed
Nov 08 09:30:45 localhost.localdomain systemd-entrypoint[9048]: Likely root cause: ElasticsearchSecurityException[Cannot find metadata for entity [http://192.168.xxx.xx1:8080/auth/realms/grafana/protocol/saml]
Nov 08 09:30:45 localhost.localdomain systemd-entrypoint[9048]: at org.elasticsearch.xpack.security.authc.saml.SamlUtils.samlException(SamlUtils.java:106)
Nov 08 09:30:45 localhost.localdomain systemd-entrypoint[9048]: at org.elasticsearch.xpack.security.authc.saml.SamlRealm.resolveEntityDescriptor(SamlRealm.java:630)
I have generated metadata for realm = saml1 with the command below:
[root@localhost elasticsearch]# bin/elasticsearch-saml-metadata --realm saml1
What is the friendly name for "principal" attribute "nameid:persistent" [default: principa
Thank you for your help
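
The `Cannot find metadata for entity [...]` exception in the log above is raised from `SamlRealm.resolveEntityDescriptor`: the file at `idp.metadata.path` has to be the identity provider's metadata and contain an `EntityDescriptor` whose `entityID` equals `idp.entity_id`, whereas `elasticsearch-saml-metadata` writes the service provider's metadata. The check below is an added example, not part of the original post; the host names, both metadata documents and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample: metadata as an identity provider would export it.
IDP_METADATA = f"""<EntityDescriptor xmlns="{MD}"
    entityID="http://idp.example:8080/auth/realms/grafana">
  <IDPSSODescriptor protocolSupportEnumeration="{PROTO}">
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://idp.example:8080/auth/realms/grafana/protocol/saml"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Constructed sample: service provider metadata (the Kibana side).
SP_METADATA = f"""<EntityDescriptor xmlns="{MD}" entityID="http://kibana.example:5601/">
  <SPSSODescriptor protocolSupportEnumeration="{PROTO}"/>
</EntityDescriptor>"""


def list_entities(metadata_xml):
    """Map each entityID in the document to the SSO roles it declares."""
    root = ET.fromstring(metadata_xml)
    entities = {}
    # iter() also matches the root, so a bare EntityDescriptor and an
    # EntitiesDescriptor wrapper are both handled.
    for ed in root.iter(f"{{{MD}}}EntityDescriptor"):
        roles = {c.tag.split("}")[1] for c in ed if c.tag.endswith("SSODescriptor")}
        entities[ed.get("entityID")] = roles
    return entities


def check_idp_entity(metadata_xml, idp_entity_id):
    """Return (status, entityIDs found); status is ok, missing or not-an-idp."""
    entities = list_entities(metadata_xml)
    roles = entities.get(idp_entity_id)
    if roles is None:
        return "missing", sorted(entities)      # no entityID matches idp.entity_id
    if "IDPSSODescriptor" not in roles:
        return "not-an-idp", sorted(entities)   # file describes an SP, not an IdP
    return "ok", sorted(entities)


if __name__ == "__main__":
    configured = "http://idp.example:8080/auth/realms/grafana/protocol/saml"
    print(check_idp_entity(IDP_METADATA, configured))
    print(check_idp_entity(SP_METADATA, "http://kibana.example:5601/"))
```

Run against the real file by passing its contents to `check_idp_entity` together with the value of `idp.entity_id`; the second element of the result lists the entity IDs the file actually declares.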