SAML with ELK 7.1.1 / OpenDistro 1.1.0 not working

I am getting following error messages while trying to integrate SAML with ELK (OSS) 7.1.1/Opendistro 1.1.0.

[2019-08-20T20:32:13,752][ERROR][c.o.s.a.SamlResponse ] [n185] The status code of the Response was not Success, was urn:oasis:names:tc:SAML:2.0:status:Responder
[2019-08-20T20:32:13,752][WARN ][c.a.d.a.h.s.AuthTokenProcessorHandler] [n185] Error while validating SAML response in /_opendistro/_security/api/authtoken

I see roles being returned in JWT:
{“nbf”:1566333133,“exp”:1566336733,“sub”:“domain\userid”,“saml_nif”:“u”,“saml_si”:"_d90a25b5-…-b120-cdddb7dbf505",“roles”:[“grp1”…“grpn”]}

I also see it retries for 6 times and each time it gets JWT and roles in the token ( i can see it after enabling detailed debug logs )

My security config file is:
meta:
type: “config”
config_version: 2

config:
dynamic:
authc:
basic_internal_auth_domain:
description: “Authenticate via HTTP Basic against internal users database”
http_enabled: true
transport_enabled: true
order: 1
http_authenticator:
type: basic
challenge: true
authentication_backend:
type: internal
saml_auth_domain:
description: “SAML Authentication”
http_enabled: true
order: 0
http_authenticator:
type: saml
challenge: false
config:
idp:
metadata_url: ‘https://xxxxxxxx.domain.com/FederationMetadata/2007-06/FederationMetadata.xml
entity_id: http://xxxxxxxx.domain.com/adfs/services/trust
enable_ssl: false
sp:
entity_id: kibana-saml
forceAuthn: true
kibana_url:
roles_key: ‘Roles’
exchange_key: ‘ahlh1231423fjsgha…SNSJGHNSKHSsaadfdsfsgs’
authentication_backend:
type: noop

authz:
  Everything disabled here.....
1 Like