Version: 7.x-38.0.0
This is an older version of Search Guard. Switch to Latest version
Enterprise

Kibana SAML authentication

Since most of the SAML specific configuration is done in Search Guard, just activate SAML in your kibana.yml by adding:

searchguard.auth.type: "saml"

In addition the Kibana endpoint for validating the SAML assertions must be whitelisted:

server.xsrf.whitelist: ["/searchguard/saml/acs"]

If you use the logout POST binding, you also need to whitelist the logout endpoint:

server.xsrf.whitelist: ["/searchguard/saml/acs", "/searchguard/saml/logout"]

IdP initated SSO

To use IdP initiated SSO, in your IdP, set the Assertion Consumer Service endpoint to:

/searchguard/saml/acs/idpinitiated

Then add this endpoint to the xsrf whitelist in kibana.yml:

server.xsrf.whitelist: ["/searchguard/saml/acs/idpinitiated", "/searchguard/saml/acs", "/searchguard/saml/logout"]


Not what you were looking for? Try the search.