When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
6.4.3
JAVA 10.0.2, Ubuntu 18.04
- Search Guard configuration files
authc:
basic_internal_auth_domain:
enabled: true
order: 0
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: intern
saml_auth_domain_okta:
http_enabled: true
transport_enabled: true
order: 1
http_authenticator:
type: ‘saml’
challenge: true
config:
idp:
metadata_file: /home/ubuntu/ELK_6_4_Stack/elasticsearch-6.4.3/config/okta.xml
entity_id: http://www.okta.com/***************
sp:
entity_id: kibana-saml-demo
kibana_url: https://kibana.****.info:5601/
roles_key: Role
exchange_key: ‘eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9’
authentication_backend:
type: noop
I have configured Single Sign on using Okta for Kibana using search gaurd community edition. After all the set up, Elastic search is running but with Kibana Im getting customerror?type=samlConfigError#?_g=() with SAML configuration error Something went wrong while retrieving the SAML configuration, please check your settings. Please help me with this
SAML is an Enterprise feature, not a Community feature. If you have disabled the Enterprise features in elasticsearch.yml, then this error is expected.
···
On Wednesday, December 5, 2018 at 2:33:02 PM UTC+1, Venkata Naresh Divi wrote:
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
6.4.3
- Installed and used enterprise modules, if any
- JVM version and operating system version
JAVA 10.0.2, Ubuntu 18.04
- Search Guard configuration files
authc:
basic_internal_auth_domain:
enabled: true
order: 0
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: intern
saml_auth_domain_okta:
http_enabled: true
transport_enabled: true
order: 1
http_authenticator:
type: ‘saml’
challenge: true
config:
idp:
metadata_file: /home/ubuntu/ELK_6_4_Stack/elasticsearch-6.4.3/config/okta.xml
entity_id: http://www.okta.com/***************
sp:
entity_id: kibana-saml-demo
kibana_url: https://kibana.****.info:5601/
roles_key: Role
exchange_key: ‘eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9’
authentication_backend:
type: noop
- Elasticsearch log messages on debug level
- Other installed Elasticsearch or Kibana plugins, if any
I have configured Single Sign on using Okta for Kibana using search gaurd community edition. After all the set up, Elastic search is running but with Kibana Im getting customerror?type=samlConfigError#?_g=() with SAML configuration error Something went wrong while retrieving the SAML configuration, please check your settings. Please help me with this
I have enabled the enterprise feature in elasticsearch.yml. Find below is my elasticsearch.yml configuration
searchguard.enterprise_modules_enabled: truesearchguard.ssl.transport.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.transport.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.transport.pemkey_password: $$$$$$$$$$$$$$$$$$
searchguard.ssl.transport.pemtrustedcas_filepath: chain-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.compliance.history.internal_config_enabled: true
searchguard.compliance.history.external_config_enabled: true
searchguard.compliance.history.read.metadata_only: true
searchguard.ssl.http.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.http.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.http.pemkey_password: $$$$$$$$$$$$$$$$$$$$$$
searchguard.ssl.http.pemtrustedcas_filepath: chain-ca.pem
searchguard.allow_unsafe_democertificates: true
searchguard.authcz.admin_dn:
searchguard.audit.type: internal_elasticsearch
searchguard.enable_snapshot_restore_privilege: true
searchguard.check_snapshot_restore_write_privileges: true
searchguard.restapi.roles_enabled: [“sg_all_access”]
cluster.routing.allocation.disk.threshold_enabled: false
cluster.name: searchguard_demo
network.host: 0.0.0.0
discovery.zen.minimum_master_nodes: 1
node.max_local_storage_nodes: 3
xpack.monitoring.enabled: true
xpack.graph.enabled: false
xpack.ml.enabled: false
xpack.security.enabled: false
xpack.watcher.enabled: false
``
···
On Wednesday, 5 December 2018 19:41:16 UTC+5:30, Jochen Kressin wrote:
SAML is an Enterprise feature, not a Community feature. If you have disabled the Enterprise features in elasticsearch.yml, then this error is expected.
On Wednesday, December 5, 2018 at 2:33:02 PM UTC+1, Venkata Naresh Divi wrote:
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
6.4.3
- Installed and used enterprise modules, if any
- JVM version and operating system version
JAVA 10.0.2, Ubuntu 18.04
- Search Guard configuration files
authc:
basic_internal_auth_domain:
enabled: true
order: 0
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: intern
saml_auth_domain_okta:
http_enabled: true
transport_enabled: true
order: 1
http_authenticator:
type: ‘saml’
challenge: true
config:
idp:
metadata_file: /home/ubuntu/ELK_6_4_Stack/elasticsearch-6.4.3/config/okta.xml
entity_id: http://www.okta.com/***************
sp:
entity_id: kibana-saml-demo
kibana_url: https://kibana.****.info:5601/
roles_key: Role
exchange_key: ‘eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9’
authentication_backend:
type: noop
- Elasticsearch log messages on debug level
- Other installed Elasticsearch or Kibana plugins, if any
I have configured Single Sign on using Okta for Kibana using search gaurd community edition. After all the set up, Elastic search is running but with Kibana Im getting customerror?type=samlConfigError#?_g=() with SAML configuration error Something went wrong while retrieving the SAML configuration, please check your settings. Please help me with this
Can you please post your Elasticsearch logfile on debug level when this error occurs? It should show the root cause of the error.
Setting log level to debug:
···
On Wednesday, December 5, 2018 at 3:14:26 PM UTC+1, Venkata Naresh Divi wrote:
I have enabled the enterprise feature in elasticsearch.yml. Find below is my elasticsearch.yml configuration
searchguard.enterprise_modules_enabled: truesearchguard.ssl.transport.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.transport.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.transport.pemkey_password: $$$$$$$$$$$$$$$$$$
searchguard.ssl.transport.pemtrustedcas_filepath: chain-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.compliance.history.internal_config_enabled: true
searchguard.compliance.history.external_config_enabled: true
searchguard.compliance.history.read.metadata_only: true
searchguard.ssl.http.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.http.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.http.pemkey_password: $$$$$$$$$$$$$$$$$$$$$$
searchguard.ssl.http.pemtrustedcas_filepath: chain-ca.pem
searchguard.allow_unsafe_democertificates: true
searchguard.authcz.admin_dn:
searchguard.audit.type: internal_elasticsearch
searchguard.enable_snapshot_restore_privilege: true
searchguard.check_snapshot_restore_write_privileges: true
searchguard.restapi.roles_enabled: [“sg_all_access”]
cluster.routing.allocation.disk.threshold_enabled: false
cluster.name: searchguard_demo
network.host: 0.0.0.0
discovery.zen.minimum_master_nodes: 1
node.max_local_storage_nodes: 3
xpack.monitoring.enabled: true
xpack.graph.enabled: false
xpack.ml.enabled: false
xpack.security.enabled: false
xpack.watcher.enabled: false
``
On Wednesday, 5 December 2018 19:41:16 UTC+5:30, Jochen Kressin wrote:
SAML is an Enterprise feature, not a Community feature. If you have disabled the Enterprise features in elasticsearch.yml, then this error is expected.
On Wednesday, December 5, 2018 at 2:33:02 PM UTC+1, Venkata Naresh Divi wrote:
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
6.4.3
- Installed and used enterprise modules, if any
- JVM version and operating system version
JAVA 10.0.2, Ubuntu 18.04
- Search Guard configuration files
authc:
basic_internal_auth_domain:
enabled: true
order: 0
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: intern
saml_auth_domain_okta:
http_enabled: true
transport_enabled: true
order: 1
http_authenticator:
type: ‘saml’
challenge: true
config:
idp:
metadata_file: /home/ubuntu/ELK_6_4_Stack/elasticsearch-6.4.3/config/okta.xml
entity_id: http://www.okta.com/***************
sp:
entity_id: kibana-saml-demo
kibana_url: https://kibana.****.info:5601/
roles_key: Role
exchange_key: ‘eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9’
authentication_backend:
type: noop
- Elasticsearch log messages on debug level
- Other installed Elasticsearch or Kibana plugins, if any
I have configured Single Sign on using Okta for Kibana using search gaurd community edition. After all the set up, Elastic search is running but with Kibana Im getting customerror?type=samlConfigError#?_g=() with SAML configuration error Something went wrong while retrieving the SAML configuration, please check your settings. Please help me with this
Getting the below error when request happens
{“type”:“response”,“@timestamp”:“2018-12-10T13:05:54Z”,“tags”:,“pid”:22031,“method”:“get”,“statusCode”:200,“req”:{“url”:“/ui/favicons/favicon-32x32.png”,“method”:“get”,“headers”:{“host”:“kibana.emailnow.info:5601”,“connection”:“keep-alive”,“pragma”:“no-cache”,“cache-control”:“no-cache”,“user-agent”:“Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36”,“dnt”:“1”,“accept”:“image/webp,image/apng,image/,/*;q=0.8”,“referer”:“https://kibana.emailnow.info:5601/customerror?type=samlConfigError",“accept-encoding”:"gzip, deflate, br”,“accept-language”:“en-GB,en-US;q=0.9,en;q=0.8”},“remoteAddress”:“202.153.46.98”,“userAgent”:“202.153.46.98”,“referer”:“https://kibana.emailnow.info:5601/customerror?type=samlConfigError"},“res”:{“statusCode”:200,“responseTime”:7,“contentLength”:9},“message”:"GET /ui/favicons/favicon-32x32.png 200 7ms - 9.0B”}
``
···
On Wednesday, 5 December 2018 21:18:03 UTC+5:30, Jochen Kressin wrote:
Can you please post your Elasticsearch logfile on debug level when this error occurs? It should show the root cause of the error.
Setting log level to debug:
https://docs.search-guard.com/latest/troubleshooting-setting-log-level
On Wednesday, December 5, 2018 at 3:14:26 PM UTC+1, Venkata Naresh Divi wrote:
I have enabled the enterprise feature in elasticsearch.yml. Find below is my elasticsearch.yml configuration
searchguard.enterprise_modules_enabled: truesearchguard.ssl.transport.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.transport.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.transport.pemkey_password: $$$$$$$$$$$$$$$$$$
searchguard.ssl.transport.pemtrustedcas_filepath: chain-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.compliance.history.internal_config_enabled: true
searchguard.compliance.history.external_config_enabled: true
searchguard.compliance.history.read.metadata_only: true
searchguard.ssl.http.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.http.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.http.pemkey_password: $$$$$$$$$$$$$$$$$$$$$$
searchguard.ssl.http.pemtrustedcas_filepath: chain-ca.pem
searchguard.allow_unsafe_democertificates: true
searchguard.authcz.admin_dn:
searchguard.audit.type: internal_elasticsearch
searchguard.enable_snapshot_restore_privilege: true
searchguard.check_snapshot_restore_write_privileges: true
searchguard.restapi.roles_enabled: [“sg_all_access”]
cluster.routing.allocation.disk.threshold_enabled: false
cluster.name: searchguard_demo
network.host: 0.0.0.0
discovery.zen.minimum_master_nodes: 1
node.max_local_storage_nodes: 3
xpack.monitoring.enabled: true
xpack.graph.enabled: false
xpack.ml.enabled: false
xpack.security.enabled: false
xpack.watcher.enabled: false
``
On Wednesday, 5 December 2018 19:41:16 UTC+5:30, Jochen Kressin wrote:
SAML is an Enterprise feature, not a Community feature. If you have disabled the Enterprise features in elasticsearch.yml, then this error is expected.
On Wednesday, December 5, 2018 at 2:33:02 PM UTC+1, Venkata Naresh Divi wrote:
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
6.4.3
- Installed and used enterprise modules, if any
- JVM version and operating system version
JAVA 10.0.2, Ubuntu 18.04
- Search Guard configuration files
authc:
basic_internal_auth_domain:
enabled: true
order: 0
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: intern
saml_auth_domain_okta:
http_enabled: true
transport_enabled: true
order: 1
http_authenticator:
type: ‘saml’
challenge: true
config:
idp:
metadata_file: /home/ubuntu/ELK_6_4_Stack/elasticsearch-6.4.3/config/okta.xml
entity_id: http://www.okta.com/***************
sp:
entity_id: kibana-saml-demo
kibana_url: https://kibana.****.info:5601/
roles_key: Role
exchange_key: ‘eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9’
authentication_backend:
type: noop
- Elasticsearch log messages on debug level
- Other installed Elasticsearch or Kibana plugins, if any
I have configured Single Sign on using Okta for Kibana using search gaurd community edition. After all the set up, Elastic search is running but with Kibana Im getting customerror?type=samlConfigError#?_g=() with SAML configuration error Something went wrong while retrieving the SAML configuration, please check your settings. Please help me with this
seems like a duplicate of Redirecting to Google Groups
···
On Monday, 10 December 2018 14:14:35 UTC+1, Venkata Naresh Divi wrote:
Getting the below error when request happens
{“type”:“response”,“@timestamp”:“2018-12-10T13:05:54Z”,“tags”:,“pid”:22031,“method”:“get”,“statusCode”:200,“req”:{“url”:“/ui/favicons/favicon-32x32.png”,“method”:“get”,“headers”:{“host”:“kibana.emailnow.info:5601”,“connection”:“keep-alive”,“pragma”:“no-cache”,“cache-control”:“no-cache”,“user-agent”:“Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36”,“dnt”:“1”,“accept”:“image/webp,image/apng,image/,/*;q=0.8”,“referer”:“https://kibana.emailnow.info:5601/customerror?type=samlConfigError”,“accept-encoding”:“gzip, deflate, br”,“accept-language”:“en-GB,en-US;q=0.9,en;q=0.8”},“remoteAddress”:“202.153.46.98”,“userAgent”:“202.153.46.98”,“referer”:“https://kibana.emailnow.info:5601/customerror?type=samlConfigError”},“res”:{“statusCode”:200,“responseTime”:7,“contentLength”:9},“message”:“GET /ui/favicons/favicon-32x32.png 200 7ms - 9.0B”}
``
On Wednesday, 5 December 2018 21:18:03 UTC+5:30, Jochen Kressin wrote:
Can you please post your Elasticsearch logfile on debug level when this error occurs? It should show the root cause of the error.
Setting log level to debug:
https://docs.search-guard.com/latest/troubleshooting-setting-log-level
On Wednesday, December 5, 2018 at 3:14:26 PM UTC+1, Venkata Naresh Divi wrote:
I have enabled the enterprise feature in elasticsearch.yml. Find below is my elasticsearch.yml configuration
searchguard.enterprise_modules_enabled: truesearchguard.ssl.transport.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.transport.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.transport.pemkey_password: $$$$$$$$$$$$$$$$$$
searchguard.ssl.transport.pemtrustedcas_filepath: chain-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.compliance.history.internal_config_enabled: true
searchguard.compliance.history.external_config_enabled: true
searchguard.compliance.history.read.metadata_only: true
searchguard.ssl.http.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.http.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.http.pemkey_password: $$$$$$$$$$$$$$$$$$$$$$
searchguard.ssl.http.pemtrustedcas_filepath: chain-ca.pem
searchguard.allow_unsafe_democertificates: true
searchguard.authcz.admin_dn:
searchguard.audit.type: internal_elasticsearch
searchguard.enable_snapshot_restore_privilege: true
searchguard.check_snapshot_restore_write_privileges: true
searchguard.restapi.roles_enabled: [“sg_all_access”]
cluster.routing.allocation.disk.threshold_enabled: false
cluster.name: searchguard_demo
network.host: 0.0.0.0
discovery.zen.minimum_master_nodes: 1
node.max_local_storage_nodes: 3
xpack.monitoring.enabled: true
xpack.graph.enabled: false
xpack.ml.enabled: false
xpack.security.enabled: false
xpack.watcher.enabled: false
``
On Wednesday, 5 December 2018 19:41:16 UTC+5:30, Jochen Kressin wrote:
SAML is an Enterprise feature, not a Community feature. If you have disabled the Enterprise features in elasticsearch.yml, then this error is expected.
On Wednesday, December 5, 2018 at 2:33:02 PM UTC+1, Venkata Naresh Divi wrote:
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
6.4.3
- Installed and used enterprise modules, if any
- JVM version and operating system version
JAVA 10.0.2, Ubuntu 18.04
- Search Guard configuration files
authc:
basic_internal_auth_domain:
enabled: true
order: 0
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: intern
saml_auth_domain_okta:
http_enabled: true
transport_enabled: true
order: 1
http_authenticator:
type: ‘saml’
challenge: true
config:
idp:
metadata_file: /home/ubuntu/ELK_6_4_Stack/elasticsearch-6.4.3/config/okta.xml
entity_id: http://www.okta.com/***************
sp:
entity_id: kibana-saml-demo
kibana_url: https://kibana.****.info:5601/
roles_key: Role
exchange_key: ‘eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9’
authentication_backend:
type: noop
- Elasticsearch log messages on debug level
- Other installed Elasticsearch or Kibana plugins, if any
I have configured Single Sign on using Okta for Kibana using search gaurd community edition. After all the set up, Elastic search is running but with Kibana Im getting customerror?type=samlConfigError#?_g=() with SAML configuration error Something went wrong while retrieving the SAML configuration, please check your settings. Please help me with this