Deployment ID: 020c87b
I keep running into the following error while trying to authenticate to Kibana on an Elastic Cloud deployment, using SAML (OneLogin).
Authentication to realm saml1 failed - Provided SAML response is not valid for realm saml/saml1 (Caused by ElasticsearchSecurityException[SAML response pfx0e3d66c7-9838-3d32-cc90-3f9a4c795988 is for destination null but this realm uses https://e1074d7a2b5a463cb1ae0a2ff799cc3d.us-east-1.aws.found.io:9243/api/security/v1/saml])
ACS URL - https://e1074d7a2b5a463cb1ae0a2ff799cc3d.us-east-1.aws.found.io:9243/api/security/v1/saml
SAML nameID format - Persistent
SAML issuer type - Specific
SAML signature element - Response
Issuer URL - https://app.onelogin.com/saml/metadata/7f1a1ba1-f3c8-4faa-86ee-1990b1e0beaf
Elasticsearch.yml user settings
xpack:
  security:
    authc:
      realms:
        saml:
          saml1:
            order: 2
            attributes.principal: "nameid:persistent"
            attributes.groups: "groups"
            idp.metadata.path: "https://app.onelogin.com/saml/metadata/7f1a1ba1-f3c8-4faa-86ee-1990b1e0beaf"
            idp.entity_id: "https://app.onelogin.com/saml/metadata/7f1a1ba1-f3c8-4faa-86ee-1990b1e0beaf"
            sp.entity_id: "https://e1074d7a2b5a463cb1ae0a2ff799cc3d.us-east-1.aws.found.io:9243"
            sp.acs: "https://e1074d7a2b5a463cb1ae0a2ff799cc3d.us-east-1.aws.found.io:9243/api/security/v1/saml"
            sp.logout: "https://e1074d7a2b5a463cb1ae0a2ff799cc3d.us-east-1.aws.found.io:9243/logout"
kibana.yml user settings
xpack.security.authc.providers:
  saml.saml1:
    order: 2
    realm: saml1
    description: "Log in with OneLogin"
  basic.basic1:
    order: 0
Every related doc/post I can find indicates that Kibana is not generating the correct ACS URL to match what Elasticsearch is configured with. But in those cases, it seems the resolution has always been to confirm the ACS is exactly the same as configured on the IdP side and the Elasticsearch side. I have confirmed this multiple times but keep running into this error. Is there anything noticeable within the configs I pasted that might explain why I keep seeing this error?
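Added example, not part of the original post: the error above reports the response's destination as null while the realm expects its sp.acs value, so this Python check decodes a captured base64 SAMLResponse (the form field the browser POSTs to the ACS URL) and compares its Destination attribute, plus any SubjectConfirmationData Recipient, with the expected ACS URL. The ACS URL, function names and sample XML are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Placeholder ACS URL (assumption); substitute the realm's sp.acs value.
EXPECTED_ACS = "https://kibana.example.invalid:9243/api/security/v1/saml"


def check_destination(saml_response_b64, expected_acs):
    """Compare Destination/Recipient in a POST-binding SAMLResponse with sp.acs."""
    # Intended for a response captured from your own login attempt.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("not a samlp:Response document")
    destination = root.get("Destination")  # None when the IdP omits the attribute
    # Recipient is not visible if the assertion is encrypted; the list is then empty.
    recipients = [el.get("Recipient")
                  for el in root.iter(f"{{{SAML}}}SubjectConfirmationData")]
    return {
        "id": root.get("ID"),
        "destination": destination,
        "destination_ok": destination == expected_acs,
        "recipients": recipients,
        "recipients_ok": bool(recipients) and all(r == expected_acs for r in recipients),
    }


def build_sample(destination_attr):
    """Constructed, unsigned sample response for the demo (not a real IdP message)."""
    xml = (
        f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'ID="sample-1" Version="2.0"{destination_attr}>'
        '<saml:Assertion ID="sample-a1" Version="2.0"><saml:Subject>'
        '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
        f'<saml:SubjectConfirmationData Recipient="{EXPECTED_ACS}"/>'
        '</saml:SubjectConfirmation></saml:Subject></saml:Assertion></samlp:Response>'
    )
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    samples = (("Destination missing", ""),
               ("Destination present", f' Destination="{EXPECTED_ACS}"'))
    for label, attr in samples:
        print(label, check_destination(build_sample(attr), EXPECTED_ACS))
```

A result with `destination` equal to `None` corresponds to the "destination null" wording in the error message, independent of whether the Recipient value matches.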