Onelogin - SAML - configuration

I’m looking to override the following property for SAML authorization.

onelogin.saml2.security.reject_unsolicited_responses_with_inresponseto

ES sets this as default to ‘true’

I assume that this goes in the ES config.yml? Couldn’t find any documentation for configuring the onelogin settings.

Thanks

Had to dig into the source and run it locally.

In securityconfig/config.yml section for SAML authentication you can do the following.

All onlogin properties need to have the ‘validator’ prefix.

saml_auth_domain:
   http_authenticator:
       config:
           validator.security.reject_unsolicited_responses_with_inresponseto: false