Hi,
I’m trying to set up SAML authentication against our Shibboleth IdP but I can’t see any mention of a source for the Kibana/Searchguard’s Service Provider metadata source.
The only URL I can see mentioned is /searchguard/saml/acs; however, this still redirects to the IdP.
I’ve added this URL to the server.xsrf.whitelist: ["/searchguard/saml/acs", "/searchguard/saml/logout"]
How do I obtain the SP’s metadata to set up the trust link?
My kibana.yml and sg_config.yml are listed below (with passwords/keys removed).
kibana.yml (5.7 KB) sg_config.yml (11.1 KB)
I don’t know much about Shibboleth IdP, but if Shibboleth does not use its own certs to sign its assertion documents, you might also have to specify these.
SAML Trust fabrics are based entirely on exchanging metadata (otherwise how else would IdPs/SPs know what endpoints to send assertions to, what keys to trust, how to identify trusted entities etc). Most IdPs and SPs will present an endpoint to download this from in my experience.
Some vendors might try and hide all this from the Administrator though!
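As an added illustration of the metadata exchange discussed in this thread (not code from any poster or from Search Guard): a minimal SP metadata document built by hand around the /searchguard/saml/acs endpoint mentioned above, then read back to show what an IdP learns from it. The entity ID, base URL, HTTP-POST binding and optional signing certificate are assumptions to be matched against your own configuration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"  # assumed ACS binding
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)


def build_sp_metadata(entity_id, kibana_base_url, signing_cert_b64=None):
    """Return minimal SAML 2.0 SP metadata as an XML string."""
    root = ET.Element(f"{{{MD}}}EntityDescriptor", {"entityID": entity_id})
    sp = ET.SubElement(root, f"{{{MD}}}SPSSODescriptor", {
        "protocolSupportEnumeration": "urn:oasis:names:tc:SAML:2.0:protocol"})
    if signing_cert_b64:  # only relevant if the SP signs its requests
        kd = ET.SubElement(sp, f"{{{MD}}}KeyDescriptor", {"use": "signing"})
        x509 = ET.SubElement(ET.SubElement(kd, f"{{{DS}}}KeyInfo"), f"{{{DS}}}X509Data")
        ET.SubElement(x509, f"{{{DS}}}X509Certificate").text = signing_cert_b64
    # Where the IdP must deliver assertions (path taken from the thread).
    ET.SubElement(sp, f"{{{MD}}}AssertionConsumerService", {
        "Binding": HTTP_POST,
        "Location": kibana_base_url.rstrip("/") + "/searchguard/saml/acs",
        "index": "0", "isDefault": "true"})
    return ET.tostring(root, encoding="unicode")


def summarize_metadata(xml_text):
    """Extract what the peer learns: identity, endpoints, trusted keys."""
    # Only parse metadata you generated or fetched from a trusted source.
    root = ET.fromstring(xml_text)
    ns = {"md": MD, "ds": DS}
    return {
        "entity_id": root.get("entityID"),
        "acs": [(e.get("Binding"), e.get("Location"))
                for e in root.iterfind(".//md:AssertionConsumerService", ns)],
        "signing_certs": [c.text for c in root.iterfind(
            ".//md:KeyDescriptor[@use='signing']//ds:X509Certificate", ns)],
    }


if __name__ == "__main__":
    # Constructed placeholder values, not taken from the thread.
    xml = build_sp_metadata("kibana-saml-example", "https://kibana.example.org:5601")
    print(xml)
    print(summarize_metadata(xml))
```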