SAML Authentication Not Working

I’m having trouble with getting SAML working in Kibana, not matter what I try I always get redirected to /customerror?type=samlConfigError#?_g=() where it shows this error:

SAML configuration error

Something went wrong while retrieving the SAML configuration, please check your settings.

There’s nothing obviously SAML related showing up in the log files either. Is there a way to enable debug logging for the SAML authentication so I can troubleshoot this issue?

I eventually figured out this particular issue. It was caused by basic_internal_auth_domain being set to a lower order than saml_auth_domain. Still, it would be useful to have some kind of log output that explains what is going wrong.



You can set these in =
logger.token.level = debug

This will print out the SAML response in the Elasticsearch log file so you can inspect and debug it.

Another way of inspecting the SAML Response is to montitor the network traffic while logging in to Kibana. The IdP will HTTP POST the base64-encoded SAML Response to:


Inspect the payload of this POST request and use a tool like to decode it.

It never even got to the point of attempting SAML, it failed before that part.

Debug logging for SAML config errors are currently limited.
We can probably improve its verbosity in the future.

1 Like

Ran into the same issue here. Fixing the ordering resolved my problem.

1 Like

Just to be clear, the correct ordering is with basic_internal_auth_domain at zero, and saml_auth_domain at one (or similar)?

Logging security configuration issues definitely needs to be addressed. It’s extremely frustrating to have zero indications as to why the cluster is not initializing correctly.

I’ve created an issue here.

As an aside, I really hope support in terms of communication on these forums and issue handling on Github improves significantly.

Hi Guys,

I can’t make my SAML Authentication works. Kibana allways redirect me to …/customerror?type=samlAuthError#?_g=().
This is my config.yml file:

        order: 0
          type: basic
          challenge: false
          type: internal
        http_enabled: true
        transport_enabled: false
        order: 1
          type: saml
          challenge: true
              entity_id: myEntityID
            kibana_url: https://<kibana_url>:<kibana_port>
            exchange_key: eijdaiefjoqeifjq30f93j109qwj130dq23
          type: noop