Okta SSO not working

sean.doody · September 23, 2022, 7:23pm

I am having trouble getting SAML integrated with Elastic. I used a 14-day Trail and got it to work there, but now that I tried to integrate it into our production environment I am getting errors.

Below is the yaml for our prod environment that isn't working. This is roughly the same that was used in our dev environment except some of the values were different due to us using Okta preview as opposed to Okta for testing.

xpack.security.authc.realms.saml:
  saml1:
    order: 2
    idp.metadata.path: 'https://company.okta.com/app/exklsxxxxxxx/sso/saml/metadata'
    idp.entity_id: 'http://www.okta.com/exklsxxxxxxxxxx'
    sp.entity_id: 'https://company.kb.us-east-1.aws.found.io:9243' # Make sure there is no trailing "/"
    sp.acs: 'https://company.kb.us-east-1.aws.found.io:9243/api/security/saml/callback'
    sp.logout: 'https://company.kb.us-east-1.aws.found.io:9243/logout'
    attributes:
      # Or replace with another SAML provider attribute you prefer to map to the username
      principal: nameid

This is the documentation I followed.

I would also like to note that we are using a cloud-hosted environment

stephenb · September 23, 2022, 9:51pm

You should open a support ticket since you are on Elastic Cloud... After all you're paying for support. This is just the community site

sean.doody · September 23, 2022, 10:22pm

Hi! So they actually referred me to here since we don’t pay for consulting support only fix/break support.

stephenb · September 23, 2022, 10:32pm

Ahhh I/C yes that has changed recently apologies!

Well you in the wrong docs ... you are in Enterprise Search you should be in Elasticsearch Service (Elastic Cloud) Take a look.

Normal SAML

Here is the OpenID OKTA example I think

system · October 21, 2022, 10:32pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.