SAML Configuration Questions for Elastic Cloud

Hello Elastic community,

I'm currently working on configuring SAML authentication for Elastic Cloud (not ECE). I have the following SAML configuration that I need to implement:

xpack.security.authc.realms.saml.saml1:
  order: 2
  idp.metadata.path: saml/idp-metadata.xml
  idp.entity_id: "https://sso.example.com/"
  sp.entity_id:  "https://kibana.example.com/"
  sp.acs: "https://kibana.example.com/api/security/saml/callback"
  sp.logout: "https://kibana.example.com/logout"
  attributes.principal: "urn:oid:0.9.2342.19200300.100.1.1"
  attributes.groups: "urn:oid:1.3.6.1.4.1.5923.1.5.1."

I have two specific questions:

  • IdP Metadata: The Siteminder vendor doesn't provide an IdP metadata URL. How can I configure the IdP metadata file (idp-metadata.xml) in Elastic Cloud without a URL?

  • Certificate Upload: Additionally, I would like to know how to upload a certificate (e.g., .pem) in Elastic Cloud, as I couldn't find any documentation regarding this in the Elastic documentation.

I'd appreciate any guidance or insights you can provide to help me with these SAML configuration challenges in Elastic Cloud.

Thank you in advance for your assistance.

I have likely found the solution to the first point at the following link, point 10.
https://www.elastic.co/guide/en/cloud/current/ec-securing-clusters-SAML.html#ec_configure_your_8_0_or_above_cluster_to_use_saml

Regarding the generation of a .pem file to be provided to the SAML administrator, does anyone have an idea of how to generate and upload the file?
