Skip to content

NameID mapping and Single Logout #47288

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 4, 2019
Merged

NameID mapping and Single Logout #47288

merged 3 commits into from
Oct 4, 2019

Conversation

@jkakavas
Copy link
Contributor

@jkakavas jkakavas commented Sep 30, 2019
edited
Loading

Clarify in the documentation that for SAML Single Logout to be
functional, the Identity Provider needs to release a NameID.

@jkakavas
NameID mapping and Single Logout
d22c308 
Clarify in the documentation that for SAML Single Logout to be
functional, the user's principal property should be mapped from a
SAML NameID and not a SAML Attribute.
@jkakavas jkakavas added >docs General docs changes :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) v8.0.0 v7.0.2 v7.1.2 v7.2.2 v7.5.0 v6.8.4 v7.4.1 v7.3.3 labels Sep 30, 2019
@jkakavas jkakavas requested review from lcawl and tvernum September 30, 2019 11:06
@elasticmachine
Copy link
Collaborator

elasticmachine commented Sep 30, 2019

Pinging @elastic/es-docs

@elasticmachine
Copy link
Collaborator

elasticmachine commented Sep 30, 2019

Pinging @elastic/es-security

tvernum
tvernum reviewed Oct 4, 2019
View reviewed changes
x-pack/docs/en/security/authentication/saml-guide.asciidoc Outdated
NOTE: You can select to map the SAML `NamedID` value or any other SAML attribute value to the `principal` user
property. Keep in mind, however, that if a SAML attribute is mapped, the <<saml-logout, Single Logout>> functionality is
not available.

Copy link
Contributor

@tvernum tvernum Oct 4, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this true? It shouldn't be.
We need to receive a NameID from the IdP, but I don't think we need to map it to principal.

Copy link
Contributor Author

@jkakavas jkakavas Oct 4, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You're right, I jumped the gun on this without looking at the code closely

@jkakavas jkakavas requested a review from tvernum October 4, 2019 07:42
@jkakavas jkakavas merged commit e33a02b into elastic:master Oct 4, 2019
@jkakavas jkakavas mentioned this pull request Oct 4, 2019
Merged
jkakavas added a commit to jkakavas/elasticsearch that referenced this pull request Oct 4, 2019
@jkakavas
NameID mapping and Single Logout (elastic#47288)
2ce9ba4 
Clarify in the documentation that for SAML Single Logout to be
functional, the Identity Provider needs to release a NameID.
@jkakavas jkakavas mentioned this pull request Oct 4, 2019
Merged
jkakavas added a commit to jkakavas/elasticsearch that referenced this pull request Oct 4, 2019
@jkakavas
NameID mapping and Single Logout (elastic#47288)
0d9c29f 
Clarify in the documentation that for SAML Single Logout to be
functional, the Identity Provider needs to release a NameID.
@jkakavas jkakavas mentioned this pull request Oct 4, 2019
Merged
jkakavas added a commit to jkakavas/elasticsearch that referenced this pull request Oct 4, 2019
@jkakavas
NameID mapping and Single Logout (elastic#47288)
dc187fe 
Clarify in the documentation that for SAML Single Logout to be
functional, the Identity Provider needs to release a NameID.
@jkakavas jkakavas mentioned this pull request Oct 4, 2019
Merged
jkakavas added a commit to jkakavas/elasticsearch that referenced this pull request Oct 4, 2019
@jkakavas
NameID mapping and Single Logout (elastic#47288)
a212e34 
Clarify in the documentation that for SAML Single Logout to be
functional, the Identity Provider needs to release a NameID.
jkakavas added a commit that referenced this pull request Oct 7, 2019
@jkakavas
NameID mapping and Single Logout (#47288) (#47563)
4c8f004 
Clarify in the documentation that for SAML Single Logout to be
functional, the Identity Provider needs to release a NameID.
jkakavas added a commit that referenced this pull request Oct 7, 2019
@jkakavas
NameID mapping and Single Logout (#47288) (#47561)
36cabba 
Clarify in the documentation that for SAML Single Logout to be
functional, the Identity Provider needs to release a NameID.
jkakavas added a commit that referenced this pull request Oct 7, 2019
@jkakavas
NameID mapping and Single Logout (#47288) (#47562)
b2506a8 
Clarify in the documentation that for SAML Single Logout to be
functional, the Identity Provider needs to release a NameID.
jkakavas added a commit that referenced this pull request Oct 7, 2019
@jkakavas
NameID mapping and Single Logout (#47288) (#47564)
14fef8e 
Clarify in the documentation that for SAML Single Logout to be
functional, the Identity Provider needs to release a NameID.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tvernum tvernum tvernum approved these changes

@lcawl lcawl Awaiting requested review from lcawl

Assignees

No one assigned

Labels

>docs General docs changes :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) v6.8.4 v7.0.2 v7.1.2 v7.2.2 v7.3.3 v7.4.1 v7.5.0 v8.0.0-alpha1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jkakavas @elasticmachine @tvernum @jakelandis