SAML Issues with Sales Force IPd

Hi there, I am getting the following error when I use salesforce.com for SAML:

Elasticsearch Logs:

[2018-08-19T13:11:37,693][WARN ][o.e.x.s.a.AuthenticationService] [MYtrM5v] Authentication to realm saml1 failed - Provided SAML response is not valid for realm saml/saml1 (Caused by ElasticsearchSecurityException[SAML Response is not a 'success' response: Code=urn:oasis:names:tc:SAML:2.0:status:AuthnFailed Message=null Detail=null])

My ES Config:

xpack.security.enabled: true
xpack.security.authc.token.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: certs/elastic-certificates.p12
xpack.security.http.ssl.verification_mode: certificate

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12

xpack.security.authc.realms.saml1:
type: saml
enabled: true
order: 0
idp.metadata.path: saml/ipd-external.xml
idp.entity_id: "https://mydomain.my.salesforce.com"
sp.entity_id: "https://myip:5601"
sp.acs: "https://myip:5601/api/security/v1/saml"
sp.logout: "https://myip:5601/logout"
attributes.principal: "nameid:persistent"

Kibana Logs show nothing.

Kibana Config:

server.host: "0.0.0.0"

xpack.security.public:
protocol: https
hostname: 18.212.241.36
port: 5601

server.ssl.enabled: true
server.ssl.key: /home/ec2-user/kibana-6.3.2-linux-x86_64/config/certs/server.key
server.ssl.certificate: /home/ec2-user/kibana-6.3.2-linux-x86_64/config/certs/server.crt

elasticsearch.url: "https://localhost:9200"

lasticsearch.username: "elastic"
elasticsearch.password: "xxx"

pack.security.authProviders: [saml]
server.xsrf.whitelist: [/api/security/v1/saml]

Browser Shows:

{"statusCode": 401,"error": "Unauthorized","message": "[security_exception] unable to authenticate user [<unauthenticated-saml-user>] for action [cluster:admin/xpack/security/saml/authenticate], with { header={ WWW-Authenticate=\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\" } } :: {\"path\":\"/_xpack/security/saml/authenticate\",\"query\":{},\"body\":\"{\\\"ids\\\"\",\"statusCode\":401,\"response\":\"{\\\"error\\\":{\\\"root_cause\\\":[{\\\"type\\\":\\\"security_exception\\\",\\\"reason\\\":\\\"unable to authenticate user [<unauthenticated-saml-user>] for action [cluster:admin/xpack/security/saml/authenticate]\\\",\\\"header\\\":{\\\"WWW-Authenticate\\\":\\\"Basic realm=\\\\\\\"security\\\\\\\" charset=\\\\\\\"UTF-8\\\\\\\"\\\"}}],\\\"type\\\":\\\"security_exception\\\",\\\"reason\\\":\\\"unable to authenticate user [<unauthenticated-saml-user>] for action [cluster:admin/xpack/security/saml/authenticate]\\\",\\\"header\\\":{\\\"WWW-Authenticate\\\":\\\"Basic realm=\\\\\\\"security\\\\\\\" charset=\\\\\\\"UTF-8\\\\\\\"\\\"}},\\\"status\\\":401}\",\"wwwAuthenticateDirective\":\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"}"}

Any ideas?

Thanks
Wayne

Hi

Your IdP returns a SAML Response saying that your authentication to the IdP has failed

Response is not a 'success' response: Code=urn:oasis:names:tc:SAML:2.0:status:AuthnFailed Message=null Detail=null])

I think you should start from the logs of your IdP in order to figure out what is wrong there.

Thank you so much. That helped. I had to do a bit of googling for idP logs for sales force. But it informed with the last post that even System Admin doesn't get it by default.

https://success.salesforce.com/answers?id=90630000000gur9AAA

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.