DoD-Platform-One / elasticsearch-kibana

Deployment of Elasticsearch and Kibana.
https://repo1.dso.mil/big-bang/product/packages/elasticsearch-kibana
Apache License 2.0

Adding SAML integration to elasticsearch.yml #2

Open p1-repo-sync-bot[bot] opened 7 months ago

p1-repo-sync-bot[bot] commented 7 months ago

How can SAML be added to elasticsearch.yml? The example code block below is what needs to be in elasticsearch.yml to enable SAML for elasticsearch-kibana.

```yaml
xpack:
  security:
    authc:
      realms:
        saml:
          saml-realm-name:
            order: 2
            attributes.principal: "nameid:persistent"
            attributes.groups: "groups"
            idp.metadata.path: "<check with your identity provider>"
            idp.entity_id: "<check with your identity provider>"
            sp.entity_id: "KIBANA_ENDPOINT_URL/"
            sp.acs: "KIBANA_ENDPOINT_URL/api/security/saml/callback"
            sp.logout: "KIBANA_ENDPOINT_URL/logout"
```

p1-repo-sync-bot[bot] commented 6 months ago

staskiewicz.blane commented:

@lucas.barker When deploying using the operator (the way we do in Big Bang), options from the elasticsearch.yml can be specified in this config block. See some examples in the docs here.

Since we don't currently expose a value that would allow you to set anything in the config block, you would have to make use of a postrender to modify the yaml. We have a doc here on the basics of how postrenders work.
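
As an added illustration (not part of the thread and not taken from the Big Bang chart), this is where the realm from the question sits in an operator-managed Elasticsearch resource once a post-render has patched it in. The resource name, version, nodeSet name and node count are placeholders; the realm values are the ones posted above.

```yaml
# Added example: target shape of the rendered ECK resource after patching.
# metadata.name, spec.version, nodeSet name and count are placeholders.
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: example-es
spec:
  version: "<elasticsearch version>"
  nodeSets:
    - name: default
      count: 3
      # The operator writes everything under "config" into the
      # elasticsearch.yml of the nodes in this nodeSet.
      # Realm settings have to match on every node, so a resource with
      # several nodeSets needs the same block under each one.
      config:
        xpack:
          security:
            authc:
              realms:
                saml:
                  saml-realm-name:
                    order: 2
                    attributes.principal: "nameid:persistent"
                    attributes.groups: "groups"
                    idp.metadata.path: "<check with your identity provider>"
                    idp.entity_id: "<check with your identity provider>"
                    # The three sp.* values must agree with what is
                    # registered for this service provider at the IdP.
                    sp.entity_id: "KIBANA_ENDPOINT_URL/"
                    sp.acs: "KIBANA_ENDPOINT_URL/api/security/saml/callback"
                    sp.logout: "KIBANA_ENDPOINT_URL/logout"
```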