cluster Elasticsearch configuration:
xpack.security.authc.realms.saml.saml1:
  order: 2
  idp.metadata.path: https://login-uat.exadel.com/auth/realms/exadel-uat/protocol/saml/descriptor
  idp.entity_id: "https://login-uat.exadel.com/auth/realms/exadel-uat"
  sp.entity_id: "elastic.co"
  sp.acs: "https://exadel.kb.westeurope.azure.elastic-cloud.com:9243/api/security/saml/callback"
  sp.logout: "https://exadel.kb.westeurope.azure.elastic-cloud.com:9243/logout"
  attributes.principal: "urn:oid:0.9.2342.19200300.100.1.1"
  attributes.groups: "roles"
Create role mapping:
PUT /_security/role_mapping/saml-example
{
  "roles": [ "superuser" ],
  "enabled": true,
  "rules": { "all": [
    { "field": { "realm.name": "saml1" } },
    { "field": { "groups": "/kibana_admin" } }
  ]}
}
Logs:
[instance-0000000000] SAML user = [User[username=user1,roles=[],fullName=null,email=null,metadata={saml(member)=[/kibana_admin], saml_nameid=user1, saml(email)=[user1@exadel.com], saml_email=[user1@exadel.com], saml_username=[user1], saml_group_mapping=[/kibana_admin], saml_nameid_format=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, saml(urn:oid:0.9.2342.19200300.100.1.1)=[user1]}]]
[instance-0000000000] SAML attribute mapping = [UserData{username:user1; dn:null; groups:[]; metadata:{saml(member)=[/kibana_admin], saml_nameid=user1, saml(email)=[user1@exadel.com], saml_email=[user1@exadel.com], saml_username=[user1], saml_group_mapping=[/kibana_admin], saml_nameid_format=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, saml(urn:oid:0.9.2342.19200300.100.1.1)=[user1]}; realm=saml1}]
Error: When connecting to the Kibana URL
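A check over the "SAML attribute mapping" log line above, as an added example that is not part of the original post: it compares the attribute named in `attributes.groups` with the attributes actually present in the assertion and with the group the role mapping requires. The helper names (`parse_mapping_line`, `diagnose`) are hypothetical, and the log line is a shortened copy of the one posted.

```python
import re

# Shortened copy of the "SAML attribute mapping" debug line posted above,
# reduced to the fields this check needs (constructed excerpt).
LOG_LINE = (
    "SAML attribute mapping = [UserData{username:user1; dn:null; groups:[]; "
    "metadata:{saml(member)=[/kibana_admin], saml_nameid=user1, "
    "saml(email)=[user1@exadel.com], "
    "saml(urn:oid:0.9.2342.19200300.100.1.1)=[user1]}; realm=saml1}]"
)

# saml(<attribute name>)=[<values>] entries inside the metadata map
ATTR_RE = re.compile(r"saml\(([^)]+)\)=\[([^\]]*)\]")
# groups:[...] is what the realm resolved from attributes.groups
GROUPS_RE = re.compile(r"groups:\[([^\]]*)\]")


def _split(values):
    return [v.strip() for v in values.split(",") if v.strip()]


def parse_mapping_line(line):
    """Return (resolved_groups, {saml_attribute_name: [values]})."""
    m = GROUPS_RE.search(line)
    groups = _split(m.group(1)) if m else []
    attrs = {name: _split(vals) for name, vals in ATTR_RE.findall(line)}
    return groups, attrs


def diagnose(line, groups_attr, required_group):
    """Compare the realm's groups attribute and the role-mapping rule with the log."""
    groups, attrs = parse_mapping_line(line)
    return {
        "resolved_groups": groups,
        "configured_attr_in_assertion": groups_attr in attrs,
        "attrs_carrying_group": sorted(
            n for n, v in attrs.items() if required_group in v),
        "role_mapping_matches": required_group in groups,
    }


if __name__ == "__main__":
    # attributes.groups value and role-mapping group exactly as posted above
    for key, value in diagnose(LOG_LINE, "roles", "/kibana_admin").items():
        print(f"{key}: {value}")
```
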