Hi,
I configured SAML authentication but I got the following error.
My endpoint in the metadata is reachable from the host.
[2019-06-22T14:15:23,269][INFO ][o.o.s.m.r.i.AbstractReloadingMetadataResolver] [10.49.113.0-master-node-0] Metadata Resolver SamlFilesystemMetadataResolver com.amazon.dlic.auth.http.saml.SamlFilesystemMetadataResolver_6: Next refresh cycle for metadata provider '/etc/elasticsearch/SAFEQA5IdpMetadata2018.xml' will occur on '2019-06-22T17:15:23.266Z' ('2019-06-22T17:15:23.266Z' local time)
[2019-06-22T14:15:23,269][ERROR][c.a.d.a.h.s.HTTPSamlAuthenticator] [10.49.113.0-master-node-0] Error creating HTTPSamlAuthenticator: com.amazon.dlic.auth.http.saml.SamlConfigException: Could not find SingleSignOnService endpoint for binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect; available services: [org.opensaml.saml.saml2.metadata.impl.SingleSignOnServiceImpl@62ed6083]. SAML authentication will not work
com.amazon.dlic.auth.http.saml.SamlConfigException: Could not find SingleSignOnService endpoint for binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect; available services: [org.opensaml.saml.saml2.metadata.impl.SingleSignOnServiceImpl@62ed6083]
at com.amazon.dlic.auth.http.saml.Saml2SettingsProvider.findSingleSignOnService(Saml2SettingsProvider.java:196) ~[opendistro_security_advanced_modules-0.9.0.0.jar:0.9.0.0]
at com.amazon.dlic.auth.http.saml.Saml2SettingsProvider.initIdpEndpoints(Saml2SettingsProvider.java:148) ~[opendistro_security_advanced_modules-0.9.0.0.jar:0.9.0.0]
at com.amazon.dlic.auth.http.saml.Saml2SettingsProvider.get(Saml2SettingsProvider.java:83) ~[opendistro_security_advanced_modules-0.9.0.0.jar:0.9.0.0]
at com.amazon.dlic.auth.http.saml.Saml2SettingsProvider.getCached(Saml2SettingsProvider.java:111) ~[opendistro_security_advanced_modules-0.9.0.0.jar:0.9.0.0]
at com.amazon.dlic.auth.http.saml.HTTPSamlAuthenticator.<init>(HTTPSamlAuthenticator.java:114) [opendistro_security_advanced_modules-0.9.0.0.jar:0.9.0.0]
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [?:1.8.0_201]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [?:1.8.0_201]
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [?:1.8.0_201]
at java.lang.reflect.Constructor.newInstance(Constructor.java:423) [?:1.8.0_201]
at com.amazon.opendistroforelasticsearch.security.support.ReflectionHelper.instantiateAAA(ReflectionHelper.java:259) [opendistro_security-0.9.0.0.jar:0.9.0.0]
at com.amazon.opendistroforelasticsearch.security.auth.BackendRegistry.newInstance(BackendRegistry.java:822) [opendistro_security-0.9.0.0.jar:0.9.0.0]
at com.amazon.opendistroforelasticsearch.security.auth.BackendRegistry.onChange(BackendRegistry.java:295) [opendistro_security-0.9.0.0.jar:0.9.0.0]
at com.amazon.opendistroforelasticsearch.security.configuration.IndexBaseConfigurationRepository.notifyAboutChanges(IndexBaseConfigurationRepository.java:331) [opendistro_security-0.9.0.0.jar:0.9.0.0]
at com.amazon.opendistroforelasticsearch.security.configuration.IndexBaseConfigurationRepository.reloadConfiguration(IndexBaseConfigurationRepository.java:300) [opendistro_security-0.9.0.0.jar:0.9.0.0]
at com.amazon.opendistroforelasticsearch.security.action.configupdate.TransportConfigUpdateAction.nodeOperation(TransportConfigUpdateAction.java:124) [opendistro_security-0.9.0.0.jar:0.9.0.0]
at com.amazon.opendistroforelasticsearch.security.action.configupdate.TransportConfigUpdateAction.nodeOperation(TransportConfigUpdateAction.java:58) [opendistro_security-0.9.0.0.jar:0.9.0.0]
at org.elasticsearch.action.support.nodes.TransportNodesAction.nodeOperation(TransportNodesAction.java:138) [elasticsearch-6.7.1.jar:6.7.1]
at org.elasticsearch.action.support.nodes.TransportNodesAction$NodeTransportHandler.messageReceived(TransportNodesAction.java:259) [elasticsearch-6.7.1.jar:6.7.1]
at org.elasticsearch.action.support.nodes.TransportNodesAction$NodeTransportHandler.messageReceived(TransportNodesAction.java:255) [elasticsearch-6.7.1.jar:6.7.1]
at com.amazon.opendistro.elasticsearch.performanceanalyzer.transport.PerformanceAnalyzerTransportRequestHandler.messageReceived(PerformanceAnalyzerTransportRequestHandler.java:43) [opendistro_performance_analyzer-0.9.0.0.jar:0.9.0.0]
at com.amazon.opendistroforelasticsearch.security.ssl.transport.OpenDistroSecuritySSLRequestHandler.messageReceivedDecorate(OpenDistroSecuritySSLRequestHandler.java:194) [opendistro_security_ssl-0.9.0.0.jar:0.9.0.0]
at com.amazon.opendistroforelasticsearch.security.transport.OpenDistroSecurityRequestHandler.messageReceivedDecorate(OpenDistroSecurityRequestHandler.java:163) [opendistro_security-0.9.0.0.jar:0.9.0.0]
at com.amazon.opendistroforelasticsearch.security.ssl.transport.OpenDistroSecuritySSLRequestHandler.messageReceived(OpenDistroSecuritySSLRequestHandler.java:116) [opendistro_security_ssl-0.9.0.0.jar:0.9.0.0]
at com.amazon.opendistroforelasticsearch.security.OpenDistroSecurityPlugin$7$1.messageReceived(OpenDistroSecurityPlugin.java:645) [opendistro_security-0.9.0.0.jar:0.9.0.0]
at org.elasticsearch.transport.RequestHandlerRegistry.processMessageReceived(RequestHandlerRegistry.java:66) [elasticsearch-6.7.1.jar:6.7.1]
at org.elasticsearch.transport.TransportService$7.doRun(TransportService.java:686) [elasticsearch-6.7.1.jar:6.7.1]
at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:751) [elasticsearch-6.7.1.jar:6.7.1]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-6.7.1.jar:6.7.1]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_201]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_201]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_201]
Regards,
Worapoj