SAML encrypted assertion problem

#1

Hello,

I’m trying to set up SAML with opendistro but it seems there is a problem with encrypted assertions.

At the moment, I am correctly redirected to my IdP, I enter my credentials, and I’m correctly redirected to Kibana.

But then, I’m getting a “SAML authentication error. The SAML authentication failed. Please contact your administrator.” Error.

Looking into the logs I have this :

[2019-04-26T14:10:02,782][ERROR][c.a.d.a.h.s.AuthTokenProcessorHandler] [elastic] Error while converting SAML to JWT
com.onelogin.saml2.exception.SettingsException: No private key available for decrypt, check settings
at com.onelogin.saml2.authn.SamlResponse.decryptAssertion(SamlResponse.java:1073) ~[java-saml-core-2.3.0.jar:?]
at com.onelogin.saml2.authn.SamlResponse.loadXmlFromBase64(SamlResponse.java:135) ~[java-saml-core-2.3.0.jar:?]
at com.amazon.dlic.auth.http.saml.AuthTokenProcessorHandler.handleImpl(AuthTokenProcessorHandler.java:167) [opendistro_security_advanced_modules-0.8.0.0.jar:0.8.0.0]
at com.amazon.dlic.auth.http.saml.AuthTokenProcessorHandler.handleLowLevel(AuthTokenProcessorHandler.java:232) [opendistro_security_advanced_modules-0.8.0.0.jar:0.8.0.0]
at com.amazon.dlic.auth.http.saml.AuthTokenProcessorHandler.access$000(AuthTokenProcessorHandler.java:70) [opendistro_security_advanced_modules-0.8.0.0.jar:0.8.0.0]
at com.amazon.dlic.auth.http.saml.AuthTokenProcessorHandler$1.run(AuthTokenProcessorHandler.java:136) [opendistro_security_advanced_modules-0.8.0.0.jar:0.8.0.0]
at com.amazon.dlic.auth.http.saml.AuthTokenProcessorHandler$1.run(AuthTokenProcessorHandler.java:132) [opendistro_security_advanced_modules-0.8.0.0.jar:0.8.0.0]
at java.security.AccessController.doPrivileged(Native Method) [?:?]

It fails in decryptAssertion, which means that encrypted assertions are detected.
However I do not see any option in opendistro security to enable/disable assertion encryption, and I do not see any key passed to onelogin to decrypt this assertion.

Am I missing something ?

I tried to google it without luck

Regards,