Version: 7.x-47.0.0
Enterprise
Kibana SAML authentication
Content
Since most of the SAML specific configuration is done in Search Guard, just activate SAML in your kibana.yml
by adding:
searchguard.auth.type: "saml"
In addition the Kibana endpoint for validating the SAML assertions must be whitelisted:
server.xsrf.whitelist: ["/searchguard/saml/acs"]
If you use the logout POST binding, you also need to whitelist the logout endpoint:
server.xsrf.whitelist: ["/searchguard/saml/acs", "/searchguard/saml/logout"]
IdP initated SSO
To use IdP initiated SSO, in your IdP, set the Assertion Consumer Service endpoint to:
/searchguard/saml/acs/idpinitiated
Then add this endpoint to the xsrf whitelist in kibana.yml:
server.xsrf.whitelist: ["/searchguard/saml/acs/idpinitiated", "/searchguard/saml/acs", "/searchguard/saml/logout"]
Additional resources