SAML Returning 304 Error

Hi,
I have a system currently using AD to authenticate users. Recently, they've asked for SAML to be used as a primary realm. Problem is when I try to bring up Kibana I get "Error 403 - Forbidden". The logs show:

{"type":"error","@timestamp":"2021-02-11T14:41:30Z","tags":["connection","client","error"],"pid":3218,"level":"error","error":{"message":"140282498721664:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n","name":"Error","stack":"Error: 140282498721664:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n"},"message":"140282498721664:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n"}

{"type":"log","@timestamp":"2021-02-11T14:41:30Z","tags":["debug","http","server","Kibana","cookie-session-storage"],"pid":3218,"message":"Error: Unauthorized"}
{"type":"log","@timestamp":"2021-02-11T14:41:30Z","tags":["debug","plugins","security","saml"],"pid":3218,"message":"Trying to authenticate user request to /internal/security/me."}
{"type":"log","@timestamp":"2021-02-11T14:41:30Z","tags":["debug","plugins","security","saml"],"pid":3218,"message":"Trying to authenticate via header."}
{"type":"log","@timestamp":"2021-02-11T14:41:30Z","tags":["debug","plugins","security","saml"],"pid":3218,"message":"Authorization header is not presented."}
{"type":"log","@timestamp":"2021-02-11T14:41:30Z","tags":["debug","plugins","security","authentication"],"pid":3218,"message":"Could not handle authentication attempt"}

It seems a little cryptic to me only because the certs all work fine for both AD and other XPACK related applications such as 9300 traffic and such.

Hi @teej.

This error usually indicates that your browser does not trust the certificate.

Here are a couple of links that might help out.
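As an added example (not part of the original posts), the script below triages Kibana JSON log lines like the ones quoted in the question: it pulls out the TLS alert number, names it, and checks the OpenSSL reason code to confirm the alert was sent by the connecting client rather than raised by Kibana. The function names are hypothetical, the sample lines are reconstructed from the log in the question, and the error-code layout assumed is that of OpenSSL 1.1.x.

```python
import json
import re

# Certificate-related TLS alert descriptions (RFC 5246 / RFC 8446).
TLS_ALERTS = {
    42: "bad_certificate",
    43: "unsupported_certificate",
    44: "certificate_revoked",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
}

# OpenSSL 1.1.x error string: error:<hex code>:<lib>:<function>:<reason>:...
OPENSSL_ERR = re.compile(
    r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):([^:]+):.*?SSL alert number (\d+)",
    re.S,
)

# Constructed sample: two lines from the question, the first cut down to the fields used.
SAMPLE_LOG = [
    r'{"type":"error","@timestamp":"2021-02-11T14:41:30Z","tags":["connection","client","error"],"pid":3218,"message":"140282498721664:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n"}',
    r'{"type":"log","@timestamp":"2021-02-11T14:41:30Z","tags":["debug","plugins","security","saml"],"pid":3218,"message":"Authorization header is not presented."}',
]


def triage(line):
    """Return a finding for a TLS alert log line, or None for any other line."""
    event = json.loads(line)
    match = OPENSSL_ERR.search(event.get("message", ""))
    if not match:
        return None
    # Assumed OpenSSL 1.1.x packing: lib (8 bits), function (12 bits), reason (12 bits).
    reason = int(match.group(1), 16) & 0xFFF
    alert = int(match.group(5))
    return {
        "time": event.get("@timestamp"),
        "function": match.group(3),
        "alert": alert,
        "name": TLS_ALERTS.get(alert, "other"),
        # Reason 1000 + N means alert N was received from the peer (the client here).
        "sent_by_peer": reason == 1000 + alert,
    }


def triage_log(lines):
    """Triage every line and keep only the TLS alert findings."""
    return [finding for finding in map(triage, lines) if finding]
```

For the sample, the single finding is alert 46 (`certificate_unknown`) with `sent_by_peer` true: the client rejected the certificate Kibana presented, which matches the reply above.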
