Hello
I'm testing the ELK 6.4 version on a stage env (Ubuntu 16.04.5 LTS); I have 1 LS with Redis, 2 ES as data nodes and 1 Kib with ES as master. SSL setup went OK, but further I need to integrate it with SAML on Azure.
Kibana:
xpack.security.authProviders: [saml, basic]
server.xsrf.whitelist: [/api/security/v1/saml]
ES:
xpack.security.authc.realms.native1:
  type: native
  order: 0
xpack.security.authc.realms.saml1:
  type: saml
  order: 1
  idp.metadata.path: elasticsearch.xml
  idp.entity_id: "https://mydomain/b0384619-3635-481f-a15e-352939eed333/"
  sp.entity_id: "https://mydomain:5601/"
  sp.acs: "https://mydomain:5601/api/security/v1/saml"
  sp.logout: "https://mydomain:5601/logout"
  attributes.principal: "nameid:persistent"
  attributes.groups: "roles"
In the ES logs I have the following:
[2018-10-19T23:16:20,179][INFO ][o.o.c.c.InitializationService] Initializing OpenSAML using the Java Services API
[2018-10-19T23:16:21,096][INFO ][o.o.x.a.AlgorithmRegistry] Algorithm failed runtime support check, will not be usable: http://www.w3.org/2001/04/xmlenc#ripemd160
[2018-10-19T23:16:21,101][INFO ][o.o.x.a.AlgorithmRegistry] Algorithm failed runtime support check, will not be usable: http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160
[2018-10-19T23:16:21,109][INFO ][o.o.x.a.AlgorithmRegistry] Algorithm failed runtime support check, will not be usable: http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160
[2018-10-19T23:16:21,522][INFO ][o.o.s.m.r.i.AbstractReloadingMetadataResolver] Metadata Resolver FilesystemMetadataResolver saml1: New metadata successfully loaded for '/etc/elasticsearch/elasticsearch.xml'
[2018-10-19T23:16:21,530][INFO ][o.o.s.m.r.i.AbstractReloadingMetadataResolver] Metadata Resolver FilesystemMetadataResolver saml1: Next refresh cycle for metadata provider '/etc/elasticsearch/elasticsearch.xml' will occur on '2018-10-20T23:16:21.522Z' ('2018-10-20T23:16:21.522Z' local time)
[2018-10-19T23:16:21,573][INFO ][o.e.x.s.a.s.FileRolesStore] [domain] parsed [0] roles from file [/etc/elasticsearch/roles.yml]
The only strange thing I see in the logs is:
[WARN ][r.suppressed ] path: /_xpack/security/saml/prepare, params: {}
org.elasticsearch.ElasticsearchSecurityException: Cannot find any matching realm for [SamlPrepareAuthenticationRequest{realmName=null, assertionConsumerServiceURL=https://0.0.0.0:5601/api/security/v1/saml}]
But the GET response for _xpack/security/role_mapping is:
{
  "saml-kibana": {
    "enabled": true,
    "roles": [
      "kibana_user"
    ],
    "rules": {
      "field": {
        "realm.name": "saml1"
      }
    },
    "metadata": {}
  },
  "saml1": {
    "enabled": true,
    "roles": [
      "kibana_user"
    ],
    "rules": {
      "field": {
        "realm.name": "saml1"
      }
    },
    "metadata": {}
  }
}
... and here I'm stuck. Please let me know if I should provide more logs and what I am missing.
I have "xpack.security.authc.realms.saml1" configured just on the ES master node (should it also be on the data nodes?). Also the XML file is just on the master ES node.
Cheers!!!
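Added example, not part of the original post: a small Python check that reproduces how Elasticsearch selects a SAML realm for a `/_xpack/security/saml/prepare` request that names no realm (it needs a realm whose `sp.acs` exactly equals the ACS URL Kibana sends), run against the realm settings above and the `https://0.0.0.0:5601/...` URL from the warning. It assumes Kibana derives that URL from `server.host`/`server.port` (or the `xpack.security.public.*` settings when set); the realm table is constructed inline so it runs offline.

```python
from urllib.parse import urlsplit

# Constructed from the realm settings in the post (idp.* keys omitted).
ES_REALMS = {
    "native1": {"type": "native", "order": 0},
    "saml1": {
        "type": "saml",
        "order": 1,
        "sp.entity_id": "https://mydomain:5601/",
        "sp.acs": "https://mydomain:5601/api/security/v1/saml",
        "sp.logout": "https://mydomain:5601/logout",
    },
}


def kibana_acs_url(protocol, server_host, server_port, base_path=""):
    """ACS URL Kibana advertises to ES. Assumption: built from the server.host /
    server.port it listens on unless xpack.security.public.* overrides them."""
    return f"{protocol}://{server_host}:{server_port}{base_path}/api/security/v1/saml"


def matching_saml_realms(realms, acs_url, realm_name=None):
    """Names of SAML realms that accept acs_url (exact string match, as ES does).
    If realm_name is given, only that realm is considered; realms are visited
    in 'order' so the result is deterministic."""
    hits = []
    for name, cfg in sorted(realms.items(), key=lambda kv: kv[1].get("order", 0)):
        if cfg.get("type") != "saml":
            continue
        if realm_name is not None and name != realm_name:
            continue
        if cfg.get("sp.acs") == acs_url:
            hits.append(name)
    return hits


def diagnose(realms, acs_url):
    """Explain a 'Cannot find any matching realm' failure from the config alone."""
    hits = matching_saml_realms(realms, acs_url)
    if hits:
        return f"ok: realm(s) {hits} accept {acs_url}"
    configured = [c["sp.acs"] for c in realms.values() if c.get("type") == "saml"]
    hint = ""
    if urlsplit(acs_url).hostname in ("0.0.0.0", "127.0.0.1", "localhost"):
        # The bind address leaked into the ACS URL; it can never equal a
        # hostname-based sp.acs, so the realm lookup fails before any SAML flow.
        hint = " (bind address in ACS: point Kibana's public hostname at the name used in sp.acs)"
    return f"no realm matches {acs_url}; configured sp.acs: {configured}{hint}"
```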