42 lines
1.5 KiB
Plaintext
42 lines
1.5 KiB
Plaintext
[role="xpack"]
|
|
[[saml-realm]]
|
|
=== SAML authentication
|
|
The {stack} {security-features} support user authentication using SAML
|
|
single sign-on (SSO). The {security-features} provide this support using the Web
|
|
Browser SSO profile of the SAML 2.0 protocol.
|
|
|
|
This protocol is specifically designed to support authentication via an
|
|
interactive web browser, so it does not operate as a standard authentication
|
|
realm. Instead, there are {kib} and {es} {security-features} that work
|
|
together to enable interactive SAML sessions.
|
|
|
|
This means that the SAML realm is not suitable for use by standard REST clients.
|
|
If you configure a SAML realm for use in {kib}, you should also configure
|
|
another realm, such as the <<native-realm, native realm>> in your authentication
|
|
chain.
|
|
|
|
In order to simplify the process of configuring SAML authentication within the
|
|
Elastic Stack, there is a step-by-step guide to
|
|
<<saml-guide, Configuring Elasticsearch and Kibana to use SAML single sign-on>>.
|
|
|
|
The remainder of this document will describe {es} specific configuration options
|
|
for SAML realms.
|
|
|
|
[[saml-settings]]
|
|
==== SAML realm settings
|
|
|
|
See {ref}/security-settings.html#ref-saml-settings[SAML realm settings].
|
|
|
|
==== SAML realm signing settings
|
|
|
|
See {ref}/security-settings.html#ref-saml-signing-settings[SAML realm signing settings].
|
|
|
|
==== SAML realm encryption settings
|
|
|
|
See {ref}/security-settings.html#ref-saml-encryption-settings[SAML realm encryption settings].
|
|
|
|
==== SAML realm SSL settings
|
|
|
|
See {ref}/security-settings.html#ref-saml-ssl-settings[SAML realm SSL settings].
|
|
|