SAML for Kibana Single Sign-on using Okta

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version

6.4.3

  • Installed and used enterprise modules, if any

  • JVM version and operating system version

JAVA 10.0.2, Ubuntu 18.04

  • Search Guard configuration files

authc:
  basic_internal_auth_domain:
    enabled: true
    order: 0
    http_authenticator:
      type: basic
      challenge: false
    authentication_backend:
      type: intern
  saml_auth_domain_okta:
    http_enabled: true
    transport_enabled: true
    order: 1
    http_authenticator:
      type: 'saml'
      challenge: true
      config:
        idp:
          metadata_file: /home/ubuntu/ELK_6_4_Stack/elasticsearch-6.4.3/config/okta.xml
          entity_id: http://www.okta.com/***************
        sp:
          entity_id: kibana-saml-demo
        kibana_url: https://kibana.****.info:5601/
        roles_key: Role
        exchange_key: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9'
    authentication_backend:
      type: noop

  • Elasticsearch log messages on debug level

  • Other installed Elasticsearch or Kibana plugins, if any

I have configured single sign-on using Okta for Kibana using Search Guard Community Edition. After all the setup, Elasticsearch is running, but with Kibana I'm getting customerror?type=samlConfigError#?_g=() with the SAML configuration error "Something went wrong while retrieving the SAML configuration, please check your settings." Please help me with this.

SAML is an Enterprise feature, not a Community feature. If you have disabled the Enterprise features in elasticsearch.yml, then this error is expected.


I have enabled the enterprise feature in elasticsearch.yml. Please find my elasticsearch.yml configuration below.

searchguard.enterprise_modules_enabled: true
searchguard.ssl.transport.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.transport.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.transport.pemkey_password: $$$$$$$$$$$$$$$$$$
searchguard.ssl.transport.pemtrustedcas_filepath: chain-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false

searchguard.ssl.http.enabled: true
searchguard.compliance.history.internal_config_enabled: true
searchguard.compliance.history.external_config_enabled: true
searchguard.compliance.history.read.metadata_only: true

searchguard.ssl.http.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.http.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.http.pemkey_password: $$$$$$$$$$$$$$$$$$$$$$
searchguard.ssl.http.pemtrustedcas_filepath: chain-ca.pem
searchguard.allow_unsafe_democertificates: true
searchguard.authcz.admin_dn:
  - CN=sgadmin
searchguard.audit.type: internal_elasticsearch
searchguard.enable_snapshot_restore_privilege: true
searchguard.check_snapshot_restore_write_privileges: true
searchguard.restapi.roles_enabled: ["sg_all_access"]
cluster.routing.allocation.disk.threshold_enabled: false
cluster.name: searchguard_demo
network.host: 0.0.0.0
discovery.zen.minimum_master_nodes: 1
node.max_local_storage_nodes: 3
xpack.monitoring.enabled: true
xpack.graph.enabled: false
xpack.ml.enabled: false
xpack.security.enabled: false
xpack.watcher.enabled: false


Can you please post your Elasticsearch logfile on debug level when this error occurs? It should show the root cause of the error.

Setting log level to debug:

https://docs.search-guard.com/latest/troubleshooting-setting-log-level


Getting the below error when request happens

{"type":"response","@timestamp":"2018-12-10T13:05:54Z","tags":,"pid":22031,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon-32x32.png","method":"get","headers":{"host":"kibana.emailnow.info:5601","connection":"keep-alive","pragma":"no-cache","cache-control":"no-cache","user-agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36","dnt":"1","accept":"image/webp,image/apng,image/,/*;q=0.8","referer":"https://kibana.emailnow.info:5601/customerror?type=samlConfigError","accept-encoding":"gzip, deflate, br","accept-language":"en-GB,en-US;q=0.9,en;q=0.8"},"remoteAddress":"202.153.46.98","userAgent":"202.153.46.98","referer":"https://kibana.emailnow.info:5601/customerror?type=samlConfigError"},"res":{"statusCode":200,"responseTime":7,"contentLength":9},"message":"GET /ui/favicons/favicon-32x32.png 200 7ms - 9.0B"}


seems like a duplicate of https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/search-guard/Ox4tBvpUR74/gAfEpgAnBgAJ

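The two settings the replies in this thread point at, the enterprise-modules flag in elasticsearch.yml and the SAML auth domain in the Search Guard configuration, can be checked offline before restarting anything. This is an added example, not code from the thread or from Search Guard; `parse_mapping`, `dig`, `saml_preflight`, the `REQUIRED` key set (taken from the keys in the posted config) and the sample values are assumptions of the example.

```python
def parse_mapping(text):
    """Parse the indentation-nested 'key: value' subset of YAML (mappings only)."""
    stack = [(-1, {})]                         # (indent, mapping); index 0 is the root
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith(("#", "-")):
            continue                           # blanks, comments, list items
        indent = len(raw) - len(raw.lstrip())
        key, _, value = raw.strip().partition(":")
        value = value.strip().strip("'\"")
        while stack[-1][0] >= indent:          # leave blocks that have ended
            stack.pop()
        node = value or {}
        stack[-1][1][key] = node
        if not value:
            stack.append((indent, node))       # a key with no value opens a block
    return stack[0][1]

def dig(node, dotted):  # follow a dotted path; None if a step is missing
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

# Assumed required set: the keys present in the config posted in the thread.
REQUIRED = ("idp.entity_id", "sp.entity_id", "kibana_url", "exchange_key")
def saml_preflight(es_yml, sg_config):
    findings = []
    # Assumption: an absent flag means enterprise modules are left enabled.
    flag = parse_mapping(es_yml).get("searchguard.enterprise_modules_enabled", "true")
    if str(flag).lower() != "true":
        findings.append("enterprise modules disabled, SAML unavailable")
    domains = dig(parse_mapping(sg_config), "authc") or {}
    saml = {name: dom for name, dom in domains.items()
            if dig(dom, "http_authenticator.type") == "saml"}
    if not saml:
        findings.append("no auth domain with http_authenticator.type saml")
    for name, dom in saml.items():
        cfg = dig(dom, "http_authenticator.config") or {}
        if not (dig(cfg, "idp.metadata_file") or dig(cfg, "idp.metadata_url")):
            findings.append(f"{name}: no IdP metadata source")
        findings += [f"{name}: missing {key}" for key in REQUIRED if not dig(cfg, key)]
    return findings

# Constructed sample mirroring the posted config; path, host and ids are placeholders.
SG_CONFIG = """\
authc:
  saml_auth_domain_okta:
    http_authenticator:
      type: 'saml'
      config:
        idp:
          metadata_file: /path/to/okta.xml
          entity_id: http://www.okta.com/EXAMPLE_ID
        sp:
          entity_id: kibana-saml-demo
        kibana_url: https://kibana.example.test:5601/
        exchange_key: 'CONSTRUCTED_PLACEHOLDER_KEY'
"""
```

An empty list only means these static checks passed; the Elasticsearch debug log requested in the thread remains the place to find the actual root cause.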