We are configuring x-pack to integrates with an SSO provider, but unfortunately, this SSO Service exposes only HTTP-POST binding. I saw on X-Pack documentation that it only supports Redirect binding but I would want to know if anyone had this problem and how to solved that.
Elasticsearch SAML integration while using HTTP-Redirect
Our SAML integration only supports HTTP-Redirect to the IdP (it does support HTTP-Post on return from the Idp to Kibana), and I don't think you'll be able to work around that. What IdP do you have that only supports HTTP-Post?
If this is an issue for you, and you have a support or sales contact, then please ask them to raise an Enhancement Request to support HTTP-Post (and include details about the IdP).
Thanks for your answer.
The IdP is provided to us by our customer and had developed by themselves.
Only for clarification purposes, is a recommendation (best practice) that the IdP needs to support HTTP-Redirect binding?
It is actually more than a recommendation:
Conformance Requirements for theOASIS Security Assertion Markup Language (SAML) V2.0, page 9, all Identity Providers
MUST support the
Furthermore, the use of
HTTP-Redirect binding is preferred in pretty much all interoperability profiles published, i.e.:
Thanks for your answer!
It was very enlightening.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.