Skip to content

Commit 5a00cab

Browse files
lcawllcawl
authored
Fixes list continuation issues (#293)
1 parent a4c7be0 commit 5a00cab

File tree

1 file changed

+7
-9
lines changed

1 file changed

+7
-9
lines changed

docs/en/stack/security/troubleshooting.asciidoc

Lines changed: 7 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -444,52 +444,50 @@ Assertion Consumer Service URL of the SAML Service Provider is.
444444
.. {kib} constructs this value using the `server.host` and `server.port` in
445445
`kibana.yml`. For instance:
446446
+
447-
--
448447
[source, shell]
449448
-----------------------------------------------
450449
server.host: kibanaserver.org
451450
server.port: 3456
452451
-----------------------------------------------
453-
452+
+
454453
These settings would mean that {kib} would construct the Assertion Consumer
455454
Service URL as `https://kibanaserver.org:3456/api/secuirity/v1/saml`. However,
456455
if for example, {kib} is behind a reverse proxy and you have configured the
457456
following `xpack.security.public.*` settings:
458-
457+
+
459458
[source, shell]
460459
-----------------------------------------------
461460
xpack.security.public:
462461
protocol: https
463462
hostname: kibana.proxy.com
464463
port: 8080
465464
-----------------------------------------------
466-
465+
+
467466
These settings would instruct {kib} to construct the Assertion Consumer Service
468467
URL as `https://kibana.proxy.com:8080/api/secuirity/v1/saml`
469-
--
470468

471469
.. The SAML Identity Provider is either explicitly configured by the IdP
472470
administrator or consumes the SAML metadata that are generated by {es} and as
473471
such contain the same value for the Assertion Consumer Service URL as the one
474472
that is configured in the the `sp.acs` setting in the {es} SAML realm
475473
configuration.
476-
474+
--
475+
+
477476
The error encountered here indicates that the Assertion Consumer Service URL
478477
that {kib} has constructed via one of the aforementioned ways
479478
(`https://my.kibana.url/api/security/v1/saml`) is not the one that {es} is
480479
configured with. Note that these two URLs are compared as case-sensitive strings
481480
and not as canonicalized URLs.
482-
481+
+
483482
Often, this can be resolved by changing the `sp.acs` URL in `elasticearch.yml`
484483
to match the value that {kib} has constructed. Note however, that the SAML IdP
485484
configuration needs to also be adjusted to reflect this change.
486-
485+
+
487486
Alternatively, if you think {kib} is using the wrong value for the Assertion
488487
Consumer Service URL, you will need to change the configuration in `kibana.yml`
489488
by adjusting either the `server.host` and `server.port` to change the URL {kib}
490489
listens to or the `xpack.security.public.*` settings to make {kib} aware about
491490
its correct public URL.
492-
--
493491

494492
. *Symptoms:*
495493
+

0 commit comments

Comments
 (0)