Skip to content

Commit 12ce948

Browse files
lcawllcawl
committed
Fixes list continuation issues (#293)
1 parent 6b66ef2 commit 12ce948

File tree

1 file changed

+7
-9
lines changed

1 file changed

+7
-9
lines changed

docs/en/stack/security/troubleshooting.asciidoc

Lines changed: 7 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -443,52 +443,50 @@ Assertion Consumer Service URL of the SAML Service Provider is.
443443
.. {kib} constructs this value using the `server.host` and `server.port` in
444444
`kibana.yml`. For instance:
445445
+
446-
--
447446
[source, shell]
448447
-----------------------------------------------
449448
server.host: kibanaserver.org
450449
server.port: 3456
451450
-----------------------------------------------
452-
451+
+
453452
These settings would mean that {kib} would construct the Assertion Consumer
454453
Service URL as `https://kibanaserver.org:3456/api/secuirity/v1/saml`. However,
455454
if for example, {kib} is behind a reverse proxy and you have configured the
456455
following `xpack.security.public.*` settings:
457-
456+
+
458457
[source, shell]
459458
-----------------------------------------------
460459
xpack.security.public:
461460
protocol: https
462461
hostname: kibana.proxy.com
463462
port: 8080
464463
-----------------------------------------------
465-
464+
+
466465
These settings would instruct {kib} to construct the Assertion Consumer Service
467466
URL as `https://kibana.proxy.com:8080/api/secuirity/v1/saml`
468-
--
469467

470468
.. The SAML Identity Provider is either explicitly configured by the IdP
471469
administrator or consumes the SAML metadata that are generated by {es} and as
472470
such contain the same value for the Assertion Consumer Service URL as the one
473471
that is configured in the the `sp.acs` setting in the {es} SAML realm
474472
configuration.
475-
473+
--
474+
+
476475
The error encountered here indicates that the Assertion Consumer Service URL
477476
that {kib} has constructed via one of the aforementioned ways
478477
(`https://my.kibana.url/api/security/v1/saml`) is not the one that {es} is
479478
configured with. Note that these two URLs are compared as case-sensitive strings
480479
and not as canonicalized URLs.
481-
480+
+
482481
Often, this can be resolved by changing the `sp.acs` URL in `elasticearch.yml`
483482
to match the value that {kib} has constructed. Note however, that the SAML IdP
484483
configuration needs to also be adjusted to reflect this change.
485-
484+
+
486485
Alternatively, if you think {kib} is using the wrong value for the Assertion
487486
Consumer Service URL, you will need to change the configuration in `kibana.yml`
488487
by adjusting either the `server.host` and `server.port` to change the URL {kib}
489488
listens to or the `xpack.security.public.*` settings to make {kib} aware about
490489
its correct public URL.
491-
--
492490

493491
. *Symptoms:*
494492
+

0 commit comments

Comments
 (0)