SAML Authentication Not Working

I’m having trouble with getting SAML working in Kibana, not matter what I try I always get redirected to /customerror?type=samlConfigError#?_g=() where it shows this error:

SAML configuration error

Something went wrong while retrieving the SAML configuration, please check your settings.

There’s nothing obviously SAML related showing up in the log files either. Is there a way to enable debug logging for the SAML authentication so I can troubleshoot this issue?

I eventually figured out this particular issue. It was caused by basic_internal_auth_domain being set to a lower order than saml_auth_domain. Still, it would be useful to have some kind of log output that explains what is going wrong.



You can set these in =
logger.token.level = debug

This will print out the SAML response in the Elasticsearch log file so you can inspect and debug it.

Another way of inspecting the SAML Response is to montitor the network traffic while logging in to Kibana. The IdP will HTTP POST the base64-encoded SAML Response to:


Inspect the payload of this POST request and use a tool like to decode it.

It never even got to the point of attempting SAML, it failed before that part.

Debug logging for SAML config errors are currently limited.
We can probably improve its verbosity in the future.

1 Like

Ran into the same issue here. Fixing the ordering resolved my problem.

1 Like

Just to be clear, the correct ordering is with basic_internal_auth_domain at zero, and saml_auth_domain at one (or similar)?