I wanted to share my SAML configuration with Azure AD.
No documentation I found is 100% correct.
In a hot-warm deployment you must configure both Elasticsearch instances.
What were the docs that were wrong? Was it just that you had to do it in 2 places for hot-warm (the need to do everything under all topologies is something we're addressing soon)?
This is true because the realm configuration syntax changed slightly in 7.0 for Elasticsearch and it is not very easy to document for Elastic Cloud as it supports multiple versions of Elasticsearch. We are working on it and we will update the documentation accordingly.
Can you please share with us what "does not work" meant in your case? By the way, if you refer to the docs in Secure your clusters with SAML | Elasticsearch Service Documentation | Elastic, we - attempt to - clearly state that nameid:persistent is only used as an example of how attributes.principal can be configured and we point to the relevant docs explaining the options you have.
Defines the SAML attribute that is going to be mapped to the principal (username) of the authenticated user in Kibana. In this example, nameid:persistent maps the NameID with the urn:oasis:names:tc:SAML:2.0:nameid-format:persistent format from the Subject of the SAML Assertion. See the attribute mapping documentation for details and available options.
We'd be more than happy to get your feedback regarding whether you still found this unclear and why.
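The 7.0 realm syntax change mentioned in the reply above, shown side by side as an added illustration (not taken from any post in this thread or from the poster's configuration). The realm name `cloud-saml` and every value in angle brackets are placeholders; `attributes.principal` is set to the `nameid:persistent` example the docs use.

```yaml
# --- Elasticsearch 6.x: realm keyed by name only, type given as a setting ---
xpack.security.authc.realms.cloud-saml:
  type: saml
  order: 2
  # SAML attribute mapped to the username; nameid:persistent is the docs' example value
  attributes.principal: "nameid:persistent"
  idp.metadata.path: "<IDP_FEDERATION_METADATA_URL>"
  idp.entity_id: "<IDP_ENTITY_ID>"
  sp.entity_id: "<KIBANA_ENDPOINT_URL>"
  sp.acs: "<KIBANA_ACS_URL>"
  sp.logout: "<KIBANA_LOGOUT_URL>"

# --- Elasticsearch 7.0+: realm type moves into the key, the "type" setting is removed ---
xpack.security.authc.realms.saml.cloud-saml:
  order: 2
  attributes.principal: "nameid:persistent"
  idp.metadata.path: "<IDP_FEDERATION_METADATA_URL>"
  idp.entity_id: "<IDP_ENTITY_ID>"
  sp.entity_id: "<KIBANA_ENDPOINT_URL>"
  sp.acs: "<KIBANA_ACS_URL>"
  sp.logout: "<KIBANA_LOGOUT_URL>"
```

Only one of the two forms belongs in a given deployment, chosen by its Elasticsearch version.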