Version: 7.x-41.0.0
This is an older version of Search Guard. Switch to Latest version
This is an older version of Search Guard. Switch to Latest version
Enterprise
Kibana SAML authentication
Content
Since most of the SAML specific configuration is done in Search Guard, just activate SAML in your kibana.yml
by adding:
searchguard.auth.type: "saml"
In addition the Kibana endpoint for validating the SAML assertions must be whitelisted:
server.xsrf.whitelist: ["/searchguard/saml/acs"]
If you use the logout POST binding, you also need to whitelist the logout endpoint:
server.xsrf.whitelist: ["/searchguard/saml/acs", "/searchguard/saml/logout"]
IdP initated SSO
To use IdP initiated SSO, in your IdP, set the Assertion Consumer Service endpoint to:
/searchguard/saml/acs/idpinitiated
Then add this endpoint to the xsrf whitelist in kibana.yml:
server.xsrf.whitelist: ["/searchguard/saml/acs/idpinitiated", "/searchguard/saml/acs", "/searchguard/saml/logout"]
Additional resources