SAML/Okta login to Kibana not working with roles

Hi Clifford,

If you remember, we also discussed this recently on my post (Unable to configure SAML with Jumpcloud and Opendistro), where I was using Jumpcloud instead of Okta.
However, I wanted to try your approach and see whether it would work.

  1. I created a new Okta trial account; I will upload pictures of the configuration.
  2. On the Opendistro side, my configuration is exactly the same, except for the secret stuff of course (exchange_key of 32 characters, Okta's idp entity_id, kibana_url). I tried with "roles_key: Roles" both commented and uncommented.
  3. I have not changed roles_mapping.yml.
  4. I have also followed these two articles:
    Add Single Sign-On (SSO) to Open Distro for Elasticsearch Kibana using SAML and Okta | AWS Open Source Blog
    Add Single Sign-On to Open Distro for Elasticsearch Kibana Using SAML and ADFS | AWS Open Source Blog
    especially the second one, in the Role mapping part, to ensure my Okta group where my user is has the same name as the Backend Role for the all_access Role (not sure if that can help with your Roles issue).

However, I am still not able to log in to Kibana with SAML. I am using Opendistro version 1.4.

Do you perhaps have any additional configuration, or any advice on what I should look for, since I am also using Okta?
I also cannot find any useful logs in the ES logs, even though I added additional log levels in log4j2.properties.

Regards,
Jovan