Hello,
Please assist, and thank you in advance for the help. Below is my configuration for everything. What am I doing wrong?
Elasticsearch Config
cluster.name: elasticsearch
node.name: node-1
bootstrap.memory_lock: false
network.host: elkmachine.corp.mynetwork.com
http.port: 9200
discovery.seed_hosts: ["elkmachine.corp.mynetwork.com"]
cluster.initial_master_nodes: ["node-1"]
xpack.security.audit.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: elastic-certificates.p12
xpack.security.http.ssl.truststore.path: elastic-certificates.p12
xpack.security.authc.token.enabled: true
xpack.security.authc.realms.native.native1:
  order: 0
xpack.security.authc.realms.saml.saml1:
  order: 1
  idp.metadata.path: "https://myokta.okta.com/app/exk1i59mmwdsjov5y20h8/sso/saml/metadata/"
  idp.entity_id: "http://www.okta.com/exk1i59mmwdsjov5y20h8"
  sp.entity_id: "https://elkmachine.corp.mynetwork.com/"
  sp.acs: "https://elkmachine.corp.mynetwork.com/api/security/v1/saml"
  idp.use_single_logout: true
  sp.logout: "https://elkmachine.corp.mynetwork.com/logout"
  attributes.principal: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  signing.certificate: saml-sign.crt
  signing.key: saml-sign.key
Kibana Config
server.name: "Kibana"
elasticsearch.hosts: ["https://elkmachine.corp.mynetwork.com:9200"]
kibana.index: ".kibana"
kibana.defaultAppId: "home"
elasticsearch.username: "elastic"
elasticsearch.password: "elastic"
server.ssl.enabled: true
server.ssl.certificate: "D:\\elk-certs\\elkmachinecorpmynetworkcom.crt"
server.ssl.key: "D:\\elk-certs\\elkmachinecorpmynetworkcom.key"
elasticsearch.ssl.verificationMode: none
xpack.security.encryptionKey: "i_am_enabling_this_for_security_and_more"
xpack.security.sessionTimeout: 600000
xpack.security.authc.providers: [basic, saml]
xpack.security.authc.saml.realm: saml1
server.xsrf.whitelist: [/api/security/v1/saml]
xpack.security.public.hostname: "elkmachine.corp.mynetwork.com"
Okta Config
Single Sign On URL: https://elkmachine.corp.mynetwork.com/api/security/v1/saml
Recipient URL: https://elkmachine.corp.mynetwork.com/api/security/v1/saml
Destination URL: https://elkmachine.corp.mynetwork.com/api/security/v1/saml
Audience Restriction: https://elkmachine.corp.mynetwork.com/
Name ID Format: EmailAddress
Response: Signed
Assertion Signature: Signed
Signature Algorithm: RSA_SHA256
Digest Algorithm: SHA256
Assertion Encryption: Unencrypted
Attribute Statement:
  Name: user.login
  Name Format: Unspecified
  Value: user.email
SAML Single Logout: Enabled
Signature Certificate saml-sign.crt (CN=saml-sign)
Honor Force Authentication: Yes
And I keep getting this error when I try to log in:
{"statusCode":401,"error":"Unauthorized","message":"[security_exception] unable to authenticate user [<unauthenticated-saml-user>] for action [cluster:admin/xpack/security/saml/authenticate], with { header={ WWW-Authenticate={ 0=\"Bearer realm=\\\"security\\\"\" & 1=\"ApiKey\" & 2=\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\" } } }"}
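The Elasticsearch SAML realm derives the user principal from the attribute named by `attributes.principal` (or from the NameID when that setting is `nameid`), so the assertion the IdP sends must carry an attribute whose `Name` matches that value exactly; otherwise the realm reports `<unauthenticated-saml-user>`. The script below is an added example, not code from the post or from Elastic: it parses a constructed sample assertion whose attribute statement mirrors the Okta settings above (a single attribute named `user.login`) and compares the issuer, audience and principal attribute against the realm settings shown in the post. The `POST_REALM` dictionary and the sample XML are assumptions built from the values on the page.

```python
"""Check a SAML assertion's issuer, audience and attributes against the
settings of an Elasticsearch SAML realm.  Added example, not code from the
forum post; the assertion below is constructed to mirror the Okta
attribute statement shown in the post."""
import xml.etree.ElementTree as ET

SAML_NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (unsigned, trimmed).  The attribute
# statement carries one attribute named "user.login", as the post's Okta
# configuration does.
SAMPLE_ASSERTION = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-1" Version="2.0">
  <saml2:Issuer>http://www.okta.com/exk1i59mmwdsjov5y20h8</saml2:Issuer>
  <saml2:Subject>
    <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@corp.mynetwork.com</saml2:NameID>
  </saml2:Subject>
  <saml2:Conditions>
    <saml2:AudienceRestriction>
      <saml2:Audience>https://elkmachine.corp.mynetwork.com/</saml2:Audience>
    </saml2:AudienceRestriction>
  </saml2:Conditions>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="user.login" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml2:AttributeValue>alice@corp.mynetwork.com</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""

# Realm settings taken from the post's elasticsearch.yml (assumed here).
POST_REALM = {
    "idp.entity_id": "http://www.okta.com/exk1i59mmwdsjov5y20h8",
    "sp.entity_id": "https://elkmachine.corp.mynetwork.com/",
    "attributes.principal": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
}


def parse_assertion(xml_text):
    """Return issuer, audiences, NameID and the attribute map of an assertion."""
    root = ET.fromstring(xml_text)
    nameid = root.find(".//saml2:Subject/saml2:NameID", SAML_NS)
    attributes = {}
    for attr in root.findall(".//saml2:AttributeStatement/saml2:Attribute", SAML_NS):
        values = [(v.text or "").strip() for v in attr.findall("saml2:AttributeValue", SAML_NS)]
        attributes[attr.get("Name")] = values
    return {
        "issuer": (root.findtext("saml2:Issuer", namespaces=SAML_NS) or "").strip(),
        "audiences": [(a.text or "").strip() for a in root.findall(".//saml2:Audience", SAML_NS)],
        "nameid": nameid.text.strip() if nameid is not None and nameid.text else None,
        "nameid_format": nameid.get("Format") if nameid is not None else None,
        "attributes": attributes,
    }


def check_realm(assertion, realm):
    """Return a list of mismatches between a parsed assertion and realm settings.

    An empty list means the issuer, audience and principal source all line up.
    """
    findings = []
    if assertion["issuer"] != realm["idp.entity_id"]:
        findings.append(f"issuer {assertion['issuer']!r} != idp.entity_id {realm['idp.entity_id']!r}")
    if realm["sp.entity_id"] not in assertion["audiences"]:
        findings.append(f"sp.entity_id {realm['sp.entity_id']!r} not in audiences {assertion['audiences']}")
    principal = realm["attributes.principal"]
    if principal == "nameid":
        # The realm can take the principal from the NameID instead of an attribute.
        if not assertion["nameid"]:
            findings.append("attributes.principal is 'nameid' but the assertion has no NameID")
    elif principal not in assertion["attributes"]:
        findings.append(
            f"principal attribute {principal!r} absent; assertion carries {sorted(assertion['attributes'])}"
        )
    return findings


if __name__ == "__main__":
    parsed = parse_assertion(SAMPLE_ASSERTION)
    for finding in check_realm(parsed, POST_REALM) or ["no mismatches found"]:
        print(finding)
```

Run against the constructed assertion, the only finding is the principal attribute mismatch: the realm is looking for the `emailaddress` claim URI while the assertion only carries `user.login`. Pointing `attributes.principal` at the attribute name the IdP actually sends, or at `nameid`, clears the finding. A real assertion can be captured from the browser's SAML response (base64 in the `SAMLResponse` form field) and fed to `parse_assertion` in place of the sample.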