SAML Authentication - Could not find SingleSignOnService endpoint

worapojc · June 22, 2019, 2:27pm

Hi,

I configured SAML authentication but I got the following error.

My endpoint in the metadata is reachable from the host.

[2019-06-22T14:15:23,269][INFO ][o.o.s.m.r.i.AbstractReloadingMetadataResolver] [10.49.113.0-master-node-0] Metadata Resolver SamlFilesystemMetadataResolver com.amazon.dlic.auth.http.saml.SamlFilesystemMetadataResolver_6: Next refresh cycle for metadata provider '/etc/elasticsearch/SAFEQA5IdpMetadata2018.xml' will occur on '2019-06-22T17:15:23.266Z' ('2019-06-22T17:15:23.266Z' local time)
[2019-06-22T14:15:23,269][ERROR][c.a.d.a.h.s.HTTPSamlAuthenticator] [10.49.113.0-master-node-0] Error creating HTTPSamlAuthenticator: com.amazon.dlic.auth.http.saml.SamlConfigException: Could not find SingleSignOnService endpoint for binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect; available services: [org.opensaml.saml.saml2.metadata.impl.SingleSignOnServiceImpl@62ed6083]. SAML authentication will not work
com.amazon.dlic.auth.http.saml.SamlConfigException: Could not find SingleSignOnService endpoint for binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect; available services: [org.opensaml.saml.saml2.metadata.impl.SingleSignOnServiceImpl@62ed6083]
        at com.amazon.dlic.auth.http.saml.Saml2SettingsProvider.findSingleSignOnService(Saml2SettingsProvider.java:196) ~[opendistro_security_advanced_modules-0.9.0.0.jar:0.9.0.0]
        at com.amazon.dlic.auth.http.saml.Saml2SettingsProvider.initIdpEndpoints(Saml2SettingsProvider.java:148) ~[opendistro_security_advanced_modules-0.9.0.0.jar:0.9.0.0]
        at com.amazon.dlic.auth.http.saml.Saml2SettingsProvider.get(Saml2SettingsProvider.java:83) ~[opendistro_security_advanced_modules-0.9.0.0.jar:0.9.0.0]
        at com.amazon.dlic.auth.http.saml.Saml2SettingsProvider.getCached(Saml2SettingsProvider.java:111) ~[opendistro_security_advanced_modules-0.9.0.0.jar:0.9.0.0]
        at com.amazon.dlic.auth.http.saml.HTTPSamlAuthenticator.<init>(HTTPSamlAuthenticator.java:114) [opendistro_security_advanced_modules-0.9.0.0.jar:0.9.0.0]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [?:1.8.0_201]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [?:1.8.0_201]
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [?:1.8.0_201]
        at java.lang.reflect.Constructor.newInstance(Constructor.java:423) [?:1.8.0_201]
        at com.amazon.opendistroforelasticsearch.security.support.ReflectionHelper.instantiateAAA(ReflectionHelper.java:259) [opendistro_security-0.9.0.0.jar:0.9.0.0]
        at com.amazon.opendistroforelasticsearch.security.auth.BackendRegistry.newInstance(BackendRegistry.java:822) [opendistro_security-0.9.0.0.jar:0.9.0.0]
        at com.amazon.opendistroforelasticsearch.security.auth.BackendRegistry.onChange(BackendRegistry.java:295) [opendistro_security-0.9.0.0.jar:0.9.0.0]
        at com.amazon.opendistroforelasticsearch.security.configuration.IndexBaseConfigurationRepository.notifyAboutChanges(IndexBaseConfigurationRepository.java:331) [opendistro_security-0.9.0.0.jar:0.9.0.0]
        at com.amazon.opendistroforelasticsearch.security.configuration.IndexBaseConfigurationRepository.reloadConfiguration(IndexBaseConfigurationRepository.java:300) [opendistro_security-0.9.0.0.jar:0.9.0.0]
        at com.amazon.opendistroforelasticsearch.security.action.configupdate.TransportConfigUpdateAction.nodeOperation(TransportConfigUpdateAction.java:124) [opendistro_security-0.9.0.0.jar:0.9.0.0]
        at com.amazon.opendistroforelasticsearch.security.action.configupdate.TransportConfigUpdateAction.nodeOperation(TransportConfigUpdateAction.java:58) [opendistro_security-0.9.0.0.jar:0.9.0.0]
        at org.elasticsearch.action.support.nodes.TransportNodesAction.nodeOperation(TransportNodesAction.java:138) [elasticsearch-6.7.1.jar:6.7.1]
        at org.elasticsearch.action.support.nodes.TransportNodesAction$NodeTransportHandler.messageReceived(TransportNodesAction.java:259) [elasticsearch-6.7.1.jar:6.7.1]
        at org.elasticsearch.action.support.nodes.TransportNodesAction$NodeTransportHandler.messageReceived(TransportNodesAction.java:255) [elasticsearch-6.7.1.jar:6.7.1]
        at com.amazon.opendistro.elasticsearch.performanceanalyzer.transport.PerformanceAnalyzerTransportRequestHandler.messageReceived(PerformanceAnalyzerTransportRequestHandler.java:43) [opendistro_performance_analyzer-0.9.0.0.jar:0.9.0.0]
        at com.amazon.opendistroforelasticsearch.security.ssl.transport.OpenDistroSecuritySSLRequestHandler.messageReceivedDecorate(OpenDistroSecuritySSLRequestHandler.java:194) [opendistro_security_ssl-0.9.0.0.jar:0.9.0.0]
        at com.amazon.opendistroforelasticsearch.security.transport.OpenDistroSecurityRequestHandler.messageReceivedDecorate(OpenDistroSecurityRequestHandler.java:163) [opendistro_security-0.9.0.0.jar:0.9.0.0]
        at com.amazon.opendistroforelasticsearch.security.ssl.transport.OpenDistroSecuritySSLRequestHandler.messageReceived(OpenDistroSecuritySSLRequestHandler.java:116) [opendistro_security_ssl-0.9.0.0.jar:0.9.0.0]
        at com.amazon.opendistroforelasticsearch.security.OpenDistroSecurityPlugin$7$1.messageReceived(OpenDistroSecurityPlugin.java:645) [opendistro_security-0.9.0.0.jar:0.9.0.0]
        at org.elasticsearch.transport.RequestHandlerRegistry.processMessageReceived(RequestHandlerRegistry.java:66) [elasticsearch-6.7.1.jar:6.7.1]
        at org.elasticsearch.transport.TransportService$7.doRun(TransportService.java:686) [elasticsearch-6.7.1.jar:6.7.1]
        at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:751) [elasticsearch-6.7.1.jar:6.7.1]
        at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-6.7.1.jar:6.7.1]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_201]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_201]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_201]

Regards,
Worapoj

jovant · May 27, 2020, 12:17am

Hi @worapojc,

I have the same exception, did you managed to solve your issue?

Anthony · April 26, 2021, 2:18pm

Hi All, have you managed to resolve this? if not can you share your saml config (config.yml)? Also what provider are you using?

Topic		Replies	Views
Unable to get SAML to work after upgrade OpenDistro troubleshoot , configure , upgrade	1	398	February 7, 2023
SamlConfigException: Could not find entity descriptor , in Docker, using Auth0 as IDP with SAML OpenSearch troubleshoot	0	606	June 17, 2022
SAML encrypted assertion problem Security	3	1487	July 1, 2020
Unable to perform SAML Security	3	1644	February 27, 2020
Started rolling restart of cluster using SAML auth, after first node restarted, auth is broken Security	11	274	August 5, 2022

SAML Authentication - Could not find SingleSignOnService endpoint

Related Topics