Auth0 SAML Setup and Kibana

Hi,

I’m trying to set up a webapp configuration in Auth0 to work with Kibana from OpenDistro, but I have been unable to get it working. I’m hoping someone here can help.

I first followed this guide in the docs.

In Kibana, they require a YAML file to be configured for their security plugin as follows:
    authc:
      basic_internal_auth_domain:
        http_enabled: true
        transport_enabled: true
        order: 0
        http_authenticator:
          type: "basic"
          challenge: false
        authentication_backend:
          type: "intern"
      saml_auth_domain:
        http_enabled: true
        transport_enabled: false
        order: 1
        http_authenticator:
          type: saml
          challenge: true
          config:
            idp:
              metadata_file: .xml
              entity_id: <where does this come from???>
            sp:
              entity_id: kibana-saml
            kibana_url: https://kibana.example.com:5601/
            roles_key: Roles
            exchange_key: 'AbCDefg123…'
        authentication_backend:
          type: noop

When I go to the Kibana main page, I expected to be automatically forwarded to the Auth0 login page but I see this error:
[image: screenshot of the error]

I’m probably misconfiguring the YAML file, but don’t know where to find a good example that works. Can someone here help?

Thanks.

If you followed the documentation you linked to, at step 13 of (https://auth0.com/docs/protocols/saml-configuration-options/configure-auth0-as-saml-identity-provider#configure-auth0-as-idp) you’re instructed to go to the Usage tab of the SAML addon application you created to represent Kibana.

In that tab you should find an option to download metadata so you can give that metadata to the service provider configuration (in this case Kibana). In addition, you’ll also have the identifier used by the Auth0 tenant (the Issuer value) which should be the entity identifier of the IdP in terms of that YAML configuration.
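The Issuer value mentioned in the reply above is also the `entityID` attribute on the root element of the downloaded metadata file. The following is an added example, not code from the thread, Auth0 or OpenDistro: it reads that value from a constructed sample metadata document and compares it with the configured `idp.entity_id`. The tenant name, endpoint URL and certificate text are placeholders.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD_NS, "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample IdP metadata; tenant, URL and certificate are placeholders.
SAMPLE_METADATA = """<EntityDescriptor entityID="urn:example-tenant.auth0.com"
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>PLACEHOLDER</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example-tenant.auth0.com/samlp/CLIENT_ID"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def read_idp_metadata(xml_text):
    """Return the metadata values the service provider config depends on."""
    # Metadata from an untrusted source should be parsed with defusedxml instead.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError(f"unexpected root element: {root.tag}")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    sso = idp.findall("md:SingleSignOnService", NS)
    return {
        "entity_id": root.get("entityID"),
        "sso_locations": [e.get("Location") for e in sso],
        "signing_certs": len(idp.findall(".//ds:X509Certificate", NS)),
    }


def check_config(xml_text, configured_entity_id):
    """List mismatches between the metadata and the configured idp.entity_id."""
    md = read_idp_metadata(xml_text)
    problems = []
    if md["entity_id"] != configured_entity_id:  # must match exactly
        problems.append(f"idp.entity_id is {configured_entity_id!r}, "
                        f"metadata says {md['entity_id']!r}")
    if not md["sso_locations"]:
        problems.append("metadata has no SingleSignOnService endpoint")
    if md["signing_certs"] == 0:
        problems.append("metadata has no signing certificate")
    return problems
```

Passing the contents of the real metadata file and the value from the YAML to `check_config` returns an empty list when the two agree.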

I have done that per your guide. I didn’t want to put the value for entity ID in my example, but I have followed the instructions.

The error page is still on the Kibana side; it’s common for error information to be surfaced very generically in terms of user-facing pages, but for server-side logs to have additional information. I confess I have no experience with Kibana OpenDistro, but have you checked if there are any additional details in server-side logs?

I don’t see any errors in the Kibana logs. I probably don’t have verbose logging enabled. Will first have to figure that out.