Version: 7.x-36.0.0
Enterprise

Using Kibana with SAML authentication

Since most of the SAML specific configuration is done in Search Guard, just activate SAML in your kibana.yml by adding:

searchguard.auth.type: "saml"

In addition the Kibana endpoint for validating the SAML assertions must be whitelisted:

server.xsrf.whitelist: ["/searchguard/saml/acs"]

If you use the logout POST binding, you also need to whitelist the logout endpoint:

server.xsrf.whitelist: ["/searchguard/saml/acs", "/searchguard/saml/logout"]

IdP initated SSO

To use IdP initiated SSO, in your IdP, set the Assertion Consumer Service endpoint to:

/searchguard/saml/acs/idpinitiated

Then add this endpoint to the xsrf whitelist in kibana.yml:

server.xsrf.whitelist: ["/searchguard/saml/acs/idpinitiated", "/searchguard/saml/acs", "/searchguard/saml/logout"]

Not what you were looking for? Try the search.