Skip to content

Commit 515504d

Browse files
lcawllcawl
committed
Fixes list continuation issues (#293)
1 parent e653554 commit 515504d

File tree

1 file changed

+8
-10
lines changed

1 file changed

+8
-10
lines changed

docs/en/stack/security/troubleshooting.asciidoc

Lines changed: 8 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -371,53 +371,51 @@ Assertion Consumer Service URL of the SAML Service Provider is.
371371
.. {kib} constructs this value using the `server.host` and `server.port` in
372372
`kibana.yml`. For instance:
373373
+
374-
--
375374
[source, shell]
376375
-----------------------------------------------
377376
server.host: kibanaserver.org
378377
server.port: 3456
379378
-----------------------------------------------
380-
379+
+
381380
These settings would mean that {kib} would construct the Assertion Consumer
382-
Service URL as `https://kibanaserver.org:3456/api/secuirity/v1/saml`. However,
381+
Service URL as `https://kibanaserver.org:3456/api/security/v1/saml`. However,
383382
if for example, {kib} is behind a reverse proxy and you have configured the
384383
following `xpack.security.public.*` settings:
385-
384+
+
386385
[source, shell]
387386
-----------------------------------------------
388387
xpack.security.public:
389388
protocol: https
390389
hostname: kibana.proxy.com
391390
port: 8080
392391
-----------------------------------------------
393-
392+
+
394393
These settings would instruct {kib} to construct the Assertion Consumer Service
395394
URL as `https://kibana.proxy.com:8080/api/security/v1/saml`
396-
--
397395

398396
.. The SAML Identity Provider is either explicitly configured by the IdP
399397
administrator or consumes the SAML metadata that are generated by {es} and as
400398
such contain the same value for the
401399
as the one
402400
that is configured in the the `sp.acs` setting in the {es} SAML realm
403401
configuration.
404-
402+
--
403+
+
405404
The error encountered here indicates that the Assertion Consumer Service URL
406405
that {kib} has constructed via one of the aforementioned ways
407406
(`https://my.kibana.url/api/security/v1/saml`) is not the one that {es} is
408407
configured with. Note that these two URLs are compared as case-sensitive strings
409408
and not as canonicalized URLs.
410-
409+
+
411410
Often, this can be resolved by changing the `sp.acs` URL in `elasticearch.yml`
412411
to match the value that {kib} has constructed. Note however, that the SAML IdP
413412
configuration needs to also be adjusted to reflect this change.
414-
413+
+
415414
Alternatively, if you think {kib} is using the wrong value for the Assertion
416415
Consumer Service URL, you will need to change the configuration in `kibana.yml`
417416
by adjusting either the `server.host` and `server.port` to change the URL {kib}
418417
listens to or the `xpack.security.public.*` settings to make {kib} aware about
419418
its correct public URL.
420-
--
421419

422420
. *Symptoms:*
423421
+

0 commit comments

Comments
 (0)