Skip to content

Commit d8dca01

Browse files
lcawllcawl
committed
Fixes list continuation issues (#293)
1 parent a8e363e commit d8dca01

File tree

1 file changed

+8
-10
lines changed

1 file changed

+8
-10
lines changed

docs/en/stack/security/troubleshooting.asciidoc

Lines changed: 8 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -443,53 +443,51 @@ Assertion Consumer Service URL of the SAML Service Provider is.
443443
.. {kib} constructs this value using the `server.host` and `server.port` in
444444
`kibana.yml`. For instance:
445445
+
446-
--
447446
[source, shell]
448447
-----------------------------------------------
449448
server.host: kibanaserver.org
450449
server.port: 3456
451450
-----------------------------------------------
452-
451+
+
453452
These settings would mean that {kib} would construct the Assertion Consumer
454-
Service URL as `https://kibanaserver.org:3456/api/secuirity/v1/saml`. However,
453+
Service URL as `https://kibanaserver.org:3456/api/security/v1/saml`. However,
455454
if for example, {kib} is behind a reverse proxy and you have configured the
456455
following `xpack.security.public.*` settings:
457-
456+
+
458457
[source, shell]
459458
-----------------------------------------------
460459
xpack.security.public:
461460
protocol: https
462461
hostname: kibana.proxy.com
463462
port: 8080
464463
-----------------------------------------------
465-
464+
+
466465
These settings would instruct {kib} to construct the Assertion Consumer Service
467466
URL as `https://kibana.proxy.com:8080/api/security/v1/saml`
468-
--
469467

470468
.. The SAML Identity Provider is either explicitly configured by the IdP
471469
administrator or consumes the SAML metadata that are generated by {es} and as
472470
such contain the same value for the
473471
as the one
474472
that is configured in the the `sp.acs` setting in the {es} SAML realm
475473
configuration.
476-
474+
--
475+
+
477476
The error encountered here indicates that the Assertion Consumer Service URL
478477
that {kib} has constructed via one of the aforementioned ways
479478
(`https://my.kibana.url/api/security/v1/saml`) is not the one that {es} is
480479
configured with. Note that these two URLs are compared as case-sensitive strings
481480
and not as canonicalized URLs.
482-
481+
+
483482
Often, this can be resolved by changing the `sp.acs` URL in `elasticearch.yml`
484483
to match the value that {kib} has constructed. Note however, that the SAML IdP
485484
configuration needs to also be adjusted to reflect this change.
486-
485+
+
487486
Alternatively, if you think {kib} is using the wrong value for the Assertion
488487
Consumer Service URL, you will need to change the configuration in `kibana.yml`
489488
by adjusting either the `server.host` and `server.port` to change the URL {kib}
490489
listens to or the `xpack.security.public.*` settings to make {kib} aware about
491490
its correct public URL.
492-
--
493491

494492
. *Symptoms:*
495493
+

0 commit comments

Comments
 (0)