SAML - Migrate to new IDP

heric · August 10, 2023, 9:39am

Hi All,

I have 5 nodes cluster of elasticsearch integrated to SAML IDP.
i want to migrate to new SAML IDP but i don't have working test environment to integrate to this new IDP.

Below scenario that i can think of, do you think this will be feasible ( mostly the part where i want to change the SAML configuration on one node only to test the integration ).

create local users and provide existing users with this temporary local users
offload 1 elasticsearch node ( because i didn't enable replica and restart of the live node will have impact to the service )
configure kibana elasticsearch host to this offloaded node
configure new SAML IDP in this node and test the integration
if it is working, rollout to the other nodes.

Thanks.

TimV · August 11, 2023, 7:42am

Doing it on one node will work fine.

However, you can have multiple SAML realms on a node, and configure Kibana to prompt users to pick which one to use.
If your old IdP is going to remain available during the migration, you should be able to add the new IdP, test it, and then remove the old one without needing to isolate a node.

heric · August 11, 2023, 2:29pm

Thank you Tim.

i am using elasticsearch 7.16.2 and kibana 7.13.2 , is that multiple saml realm supported and whether kibana will show the login selector by default or need to be configured

system · September 8, 2023, 2:29pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
SAML configuration in a Elasticsearch cluster Elasticsearch	3	472	November 8, 2018
Realm discovery with SAML integration Elasticsearch elastic-stack-security	7	754	August 8, 2019
Elastic Cloud SAML SSO in 'trial' environment Elasticsearch elastic-stack-security	15	839	March 23, 2023
Kibana SAML integration issue Kibana	6	1360	August 3, 2018
Kibana SAML implementation issues Kibana	10	2583	October 10, 2018

SAML - Migrate to new IDP

Related Topics