We are also looking into a solution and are considering to Proxy Kibana with Tomcat and the SAML/WS-Federation Plugin Fediz (subproject of Apache CXF). The challenge is the security support in ES itself because it only supports Username/Password and then retrieve the roles from LDAP or file. It would be nice to have an interface where you can provide the roles from any kind of source (SAML Token, HTTP Header). Or is such kind of interface already available?