The SAML integration of kibana and elasticsearch with OKTA doesn’t seem to be working. I keep getting redirected to
customerror?type=samlConfigError#?_g=() or to this
I have enabled debug logging on the elasticsearch machine and these logs are being generated:
'org.apache.cxf.rs.security.jose.jws.JwsException: INVALID_COMPACT_JWS' extracting credentials from saml http authenticator at com.floragunn.dlic.auth.http.saml.HTTPSamlAuthenticator.extractCredentials(HTTPSamlAuthenticator.java:135)
The kibana is running on a different server and the
Single sign on URL added in the OKTA app is being proxy passed through an nginx machine.
Does kibana_url in the config.yml below need to be the same one as in OKTA, or should I pass the FQDN of the kibana machine?
Here is the
saml:
  enabled: true
  order: 1
  http_authenticator:
    type: saml
    challenge: true
    config:
      idp:
        metadata_file: metadata.xml
        entity_id: http://www.okta.com/3jnkj3nlwj3nlekn3lkn2
      sp:
        entity_id: kibana-saml
      roles_key: 'Roles'
      kibana_url: https://kibana-node-1:5601
      exchange_key: 'asd4nlksanflkanl3k2nlknlk'
  authentication_backend:
    type: noop

In kibana.yml I have added these two blocks as well.

searchguard.auth.type: "saml"
server.xsrf.whitelist: ["/searchguard/saml/acs/idpinitiated", "/searchguard/saml/acs", "/searchguard/saml/logout"]
Also the logs being generated in the kibana machine are not helpful.
Any ideas as to what can cause this issue?