Version: 7.x-51.0.0

Kibana SAML authentication

Since most of the SAML specific configuration is done in Search Guard, just activate SAML in your kibana.yml by adding:

searchguard.auth.type: "saml"

It is also required to set the isSameSite=None to enable Kibana to send the cookie in a third-party context. Read more. The setting requires HTTPS.

searchguard.cookie.isSameSite: None true

In addition the Kibana endpoint for validating the SAML assertions must be whitelisted:

server.xsrf.whitelist: ["/searchguard/saml/acs"]

If you use the logout POST binding, you also need to whitelist the logout endpoint:

server.xsrf.whitelist: ["/searchguard/saml/acs", "/searchguard/saml/logout"]

IdP initated SSO

To use IdP initiated SSO, in your IdP, set the Assertion Consumer Service endpoint to:


Then add this endpoint to the xsrf whitelist in kibana.yml:

server.xsrf.whitelist: ["/searchguard/saml/acs/idpinitiated", "/searchguard/saml/acs", "/searchguard/saml/logout"]

Not what you were looking for? Try the search.