Version: 7.x-52.5.0
This is an older version of Search Guard. Switch to Latest version

Kibana SAML authentication

Since most of the SAML specific configuration is done in Search Guard, just activate SAML in your kibana.yml by adding:

searchguard.auth.type: "saml"

It is also required to set the isSameSite=None to enable Kibana to send the cookie in a third-party context. Read more. The setting requires HTTPS.

searchguard.cookie.isSameSite: None true

In addition the Kibana endpoint for validating the SAML assertions must be whitelisted:

server.xsrf.whitelist: ["/searchguard/saml/acs"]

If you use the logout POST binding, you also need to whitelist the logout endpoint:

server.xsrf.whitelist: ["/searchguard/saml/acs", "/searchguard/saml/logout"]

IdP initated SSO

To use IdP initiated SSO, in your IdP, set the Assertion Consumer Service endpoint to:


Then add this endpoint to the xsrf whitelist in kibana.yml:

server.xsrf.whitelist: ["/searchguard/saml/acs/idpinitiated", "/searchguard/saml/acs", "/searchguard/saml/logout"]

Not what you were looking for? Try the search.