@YassineLazaar Turns out that the machine was in a VLAN that didnt have access to the internet, so it was unable to get the SAML config XML from the IDP.
Solution was to put the metatdata XML on the server and refernce it as metadata_file: /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/metadata.xml instead of metadata_url in config.yml