Basic Auth with SAML

yasvanth · August 3, 2021, 3:24pm

Hi Team,

I am testing SAML authentication in elasticsearch using Searchguard and SAML auth at Kibana works well. When I check cluster status using below API, I get no response where using cluster admin cert works fine.

curl -k -u  https://localhost:9200/_cat/health

Form documentation, I see only one type of authentication can be used (http-challange: true), For SAML to work we have to set basic auth’s change should to false.

How can I use basic auth to connect beats to elasticsearch for auto-provisioning of index and dashboards?

Any suggestion and reference would help.

Best,
Yash

nils · August 5, 2021, 7:56am

Hello!

Can you please provide the whole sg_config.yml file which are you using?

Also what is actually the response from the curl command you are giving above?

yasvanth · August 5, 2021, 8:41am

Hi @nils ,

Thanks for your response, Please find the attached sg_config.yml below.
I dont get any response when I provide basic auth details in curl.

_sg_meta:
  type: "config"
  config_version: 2

sg_config:
  dynamic:

      license: 

      do_not_fail_on_forbidden: true
      kibana:
        multitenancy_enabled: true
        server_username: ''
        index: '.kibana'
      http:
        anonymous_auth_enabled: false
        xff:
          enabled: true
          internalProxies: '.*' # trust all internal proxies, regex pattern
          remoteIpHeader:  'x-forwarded-for'
      authc:
        basic_internal_auth_domain:
          description: "Authenticate via HTTP Basic against internal users database"
          http_enabled: true
          transport_enabled: true
          order: 0
          http_authenticator:
            type: basic
            challenge: false
          authentication_backend:
            type: internal
        saml_auth_heanet_idp:
          description: "SAML Auth"
          http_enabled: true
          order: 1
          http_authenticator:
            type: 'saml'
            challenge: true
            config:
              idp:
                metadata_url: "metadata_URL"
                entity_id: "IDP_EntityID"
              sp:
                entity_id: "Kibana_entityID"
              kibana_url: "kibana_UrL"
              subject_key: "urn:oid:0.9.2342.19200300.100.1.3"
              roles_key: "urn:oid:1.3.6.1.4.1.5923.1.5.1.1"
              exchange_key: "key"
          authentication_backend:
            type: noop

system · August 26, 2021, 8:41am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Connect DASH (python) with Elasticsearch Search Guard	5	916	November 19, 2020
SG Anonymous authentication Search Guard	9	1150	November 8, 2019
SAML for kibana Single Sign-on using Okta Search Guard	5	1111	December 11, 2018
SAML SSO with Kibana Search Guard	20	2415	August 31, 2018
6.2.3 Demo anonymous auth not functioning Search Guard	4	489	May 7, 2018

Basic Auth with SAML

Related Topics