SAML Authentication unknown secure setting

Elasticsearch 6.3.1

Got SAML authentication up and running, final steps were to set up signing and encryption with the IdP.

Following guide and wanted to use JKS. Updated the realm setting in elasticsearch.yml and the secure settings in the elasticsearch keystore however was with met with errors and a failed startup.

java.lang.IllegalArgumentException: unknown secure setting [encryption.keystore.secure_password] did you mean [xpack.ssl.keystore.secure_password]?
java.lang.IllegalArgumentException: unknown secure setting [signing.keystore.secure_password] did you mean [xpack.ssl.keystore.secure_password]?

Did some digging around and looks like need to set the secure settings like in the tests with the full realm setting prefix.

Perhaps the guide/documentation could be updated to make this easier to understand.

Hi David ,

Thanks for your feedback. As you can see in every place in the guide you refer to, all settings are discussed relevant to . So when we for instance discuss

This is the identifier (SAML EntityID) that your IdP uses. It should match the entityID attribute within the
metadata file.

idp_entity_id goes under, either as value

    idp_entity_id: value

The same applies to the signing settings

That said, we will look into how this could be made more clear in our documentation and the guide.

Thanks again

Thanks for the response. It is easy to follow along and configure the .yml
But the secure setting that needs to be set with the command-line tool is where it gets a bit unclear.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.