Given the widespread adoption of SAML authentication/authorization in public clouds it may be prudent to include an example implementation of SAML via a custom auth realm using any SAML IdP as a point of reference to provide your customers with a working example which can be modified (if necessary) to work with their own IdP's. One of your competitors recently released native SAML v2.0 SSO/SLO support using the following IdP:
https://www.pingidentity.com/en/products/pingfederate.html
There are many organizations that required this type of functionality from production systems hosted in public clouds which could be a barrier to adoption for your project.
I also agree that this needs to be implemented in Shield, simply implementing in Kibana is a half baked solution that isn't going to satisfy security requirements at many organizations.
It doesn't do any good to use SAML for SSO/SLO if you still have to make an LDAP endpoint available for authorization so using authentication proxies for this doesn't really solve the problem at hand.
Any updates on the current status of this work?
-- Rob Frey