[DOCS] Add SAML configuration information #30548

Merged
merged 4 commits into from
May 22, 2018
Expand Up @@ -8,7 +8,7 @@ the SAML 2.0 Web Browser SSO and the SAML 2.0 Single Logout profiles. It can
integrate with any identity provider (IdP) that supports at least the SAML 2.0
Web Browser SSO Profile.

In SAML terminology, the {stack} is operating as a _service provider_. For more
In SAML terminology, the {stack} is operating as a _service provider_ (SP). For more
information, see {stack-ov}/saml-realm.html[SAML authentication] and
{stack-ov}/saml-guide.html[Configuring SAML SSO on the {stack}].
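
Review bot: the reworded sentence that introduces "(SP)" now runs to 84 characters, past the wrap the lines around it keep; rewrap it so that "For more" moves down to the next line. Having defined the abbreviation here, use it consistently: the step added further down alternates between "service provider metadata" and "SP metadata".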

Expand Down Expand Up @@ -201,6 +201,14 @@ separate keys. For more information, see
{stack-ov}/saml-guide-authentication.html#saml-enc-sign[Encryption and signing].
--

. (Optional) Generate service provider metadata.
+
--
Some identity providers can import metadata about service providers.
//TBD: What steps (if any) does this enable you to skip?
You can generate SP metadata for the {stack} by using the <<saml-metadata,`elasticsearch-saml-metadata` command>>.
--
Contributor

This allows you to skip some steps on the Identity Provider side, none of which we document.
As well as the steps we document here for configuring the Elastic Stack, there will be some steps on the IdP side to configure ES/Kibana as a Service Provider.

For a few of them, that's as simple as importing the sp-metadata file.
For others it's a bunch of clicking around in confusing GUIs.

Contributor Author

Thanks, @tvernum, I've clarified that step.


. Configure role mappings.
+
--
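
Review bot: the `//TBD:` line in the new "Generate service provider metadata" step is still an open question, so the step says how to generate SP metadata but never says what it is for. Replace it with a sentence stating that an identity provider which supports metadata import can use the generated file to register the {stack} as a service provider, in place of entering those settings by hand on the IdP side. The last added line, the one naming the `elasticsearch-saml-metadata` command, is also left unwrapped, unlike the rest of the file.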