我正在尝试将SSO与Kibana和SAML集成在一起。我正在使用Auth0。以下是我在yml文件中的设置
kibana.yml
elasticsearch.hosts: ["https://localhost:9200"]
xpack.security.enabled: true
elasticsearch.ssl.certificate: D:/Piyusha/Extracted/kibana-7.4.1-windows-x86_64/config/certs/client.cer
elasticsearch.ssl.key: D:/Piyusha/Extracted/kibana-7.4.1-windows-x86_64/config/certs/client.key
elasticsearch.ssl.certificateAuthorities: D:/Piyusha/Extracted/kibana-7.4.1-windows-x86_64/config/certs/client-ca.cer
elasticsearch.ssl.verificationMode: certificate
xpack.security.authc.providers: [saml]
xpack.security.authc.saml.realm: saml1
server.xsrf.whitelist: [/api/security/v1/saml]
elasticsearch.yml
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: certs/elastic-certificates.p12
xpack.security.http.ssl.client_authentication: optional
xpack.security.authc.realms.pki.pki1.order: 0
xpack.security.authc.token.enabled: true
xpack.security.authc.realms.saml.saml1:
order: 2
idp.metadata.path: saml/dev-zl4z3q20_auth0_com-metadata.xml
sp.entity_id: "http://localhost:5601"
idp.entity_id: "urn:dev-zl4z3q20.auth0.com"
sp.acs: "http://localhost:5601/api/security/v1/saml"
sp.logout: "http://localhost:5601/logout"
attributes.principal: "urn:oid:0.9.2342.19200300.100.1.1"
attributes.groups: "urn:oid:1.3.6.1.4.1.5923.1.5.1."
添加saml设置之前,一切都可以正常工作,例如身份验证等。但是添加saml配置后,kibana url重定向到错误页面
https://dev-zl4z3q20.auth0.com/samlp/brGsd0sUh18u1oremCeu58L4FxrExgxf?SAMLRequest=fVJbb9sgGP0riHfb4FtSFKfKkmWLlHVR4%2FRhLxPGuEHC4PLhLO2vn3Pp1ElVXuHcOIfJ%2FbHV6CAdKGsKTEOCkTTC1so8F3hXLoMxvp9OgLc67tis93vzKF96CR4NRAPsclPg3hlmOShghrcSmBdsO%2FuxZnFIWOest8JqjGYA0vnBam4N9K10W%2BkOSsjd47rAe%2B87FkXaCq73FjzLckIj3qkIpOid8q%2FRgUYnQ4wWQwJluD%2BnPhFhYNbyELzp9C15iUnIh6wkFLY9M7qoct%2BgJrDb03FPrZPtXPbZeJ0uj%2B7r8fnYYLRaFPh3mjUiz0iV8CRPBaWjOq5jwZPxuBqleU6qu0aMuEgHOEAvVwY8N77AMaF3ASVBQksaszhlWRzmGf2F0eb6%2Bi%2FKXFq9VVV1AQH7XpabYPNzW2L09L7OAMDXLdjZ3X0c4bYwf28eTz%2FteRJ91P23%2BMMgtFpsrFbiFc20tn%2FmTnIvC9xwDRKjpXUt97e9TyeqDpozlHnHDShpPI6mV9f%2Ff9b0Lw%3D%3D
并给出以下错误
invalid_request: The SAML Request AssertionConsumerServiceURL is invalid: 'http://localhost:5601/api/security/v1/saml'
TRACKING ID: c682d69fc2f95872f203
错误表明SAML请求中发送的ACS URL与Auth0中配置的不匹配。
验证在Auth0应用程序的SAML插件设置中您已将http://localhost:5601/api/security/v1/saml设置为ACS URL。