Got SAML authentication up and running, final steps were to set up signing and encryption with the IdP.
Following guide and wanted to use JKS. Updated the realm setting in elasticsearch.yml and the secure settings in the elasticsearch keystore, however was met with errors and a failed startup.
java.lang.IllegalArgumentException: unknown secure setting [encryption.keystore.secure_password] did you mean [xpack.ssl.keystore.secure_password]?
java.lang.IllegalArgumentException: unknown secure setting [signing.keystore.secure_password] did you mean [xpack.ssl.keystore.secure_password]?
Did some digging around and looks like need to set the secure settings like in the tests with the full realm setting prefix.
Thanks for your feedback. As you can see in every place in the guide you refer to, all settings are discussed relevant to xpack.security.authc.realms.saml1 . So when we for instance discuss
idp.entity_id
This is the identifier (SAML EntityID) that your IdP uses. It should match the entityID attribute within the metadata file.
idp_entity_id goes under xpack.security.authc.realms.saml1, either as
xpack.security.authc.realms.saml1.idp_entity_id: value
or
xpack.security.authc.realms.saml1:
  idp_entity_id: value
Thanks for the response. It is easy to follow along and configure the .yml.
But the secure setting that needs to be set with the command-line tool is where it gets a bit unclear.
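The prefix rule discussed in this thread applies to keystore entries as well as to elasticsearch.yml. The script below is an added example, not part of the original posts or of Elasticsearch: it takes entry names in the one-per-line form printed by `bin/elasticsearch-keystore list` and flags realm-relative signing/encryption secure settings, printing the fully qualified name to add instead. The function names, `REALM_PREFIX` variable and sample listing are constructed for illustration; the realm name `saml1` is taken from the thread.

```shell
#!/bin/sh
# Added example: find SAML secure settings stored without the realm prefix.

# Realm prefix as used in this thread (assumption: realm is named saml1).
REALM_PREFIX="xpack.security.authc.realms.saml1"

# qualify_setting NAME
# Prints NAME with the realm prefix, leaving already-qualified names alone.
qualify_setting() {
    case "$1" in
        "$REALM_PREFIX".*) printf '%s\n' "$1" ;;
        *)                 printf '%s.%s\n' "$REALM_PREFIX" "$1" ;;
    esac
}

# audit_keystore_names
# Reads keystore entry names on stdin, one per line. Reports each
# signing.* / encryption.* secure setting that lacks the realm prefix.
# Returns 1 if at least one such entry was found, 0 otherwise.
audit_keystore_names() {
    bad=0
    while IFS= read -r name; do
        case "$name" in
            signing.*secure_*|encryption.*secure_*)
                printf 'unqualified: %s -> %s\n' \
                    "$name" "$(qualify_setting "$name")"
                bad=1
                ;;
        esac
    done
    return "$bad"
}

# Constructed sample listing: one bad entry, one correctly prefixed entry.
SAMPLE_LIST='keystore.seed
signing.keystore.secure_password
xpack.security.authc.realms.saml1.encryption.keystore.secure_password'

# Demo run on the constructed sample; on a real node, pipe in the output
# of `bin/elasticsearch-keystore list` instead.
printf '%s\n' "$SAMPLE_LIST" | audit_keystore_names || true
```

Each flagged entry should be removed with `bin/elasticsearch-keystore remove` and added again under the qualified name with `bin/elasticsearch-keystore add`.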