From 65d2ef48600268d16372a15485f39e53e87eb04e Mon Sep 17 00:00:00 2001 From: aetter Date: Wed, 29 Sep 2021 09:29:41 -0700 Subject: [PATCH] Re-add SAML example --- _security-plugin/configuration/saml.md | 8 +++----- assets/examples/saml-example.zip | Bin 3388 -> 4580 bytes 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/_security-plugin/configuration/saml.md b/_security-plugin/configuration/saml.md index e2d71f0f..a2a789e7 100755 --- a/_security-plugin/configuration/saml.md +++ b/_security-plugin/configuration/saml.md @@ -11,7 +11,6 @@ The security plugin supports user authentication through SAML single sign-on. Th This profile is meant for use with web browsers. It is not a general-purpose way of authenticating users against the security plugin, so its primary use case is to support OpenSearch Dashboards single sign-on. -{% comment %} ## Docker example @@ -35,7 +34,6 @@ We provide a fully functional example that can help you understand how to use SA In particular, you might find it helpful to review the contents of the `/var/www/simplesamlphp/config/` and `/var/www/simplesamlphp/metadata/` directories. -{% endcomment %} ## Activating SAML @@ -300,13 +298,13 @@ authc: Because most of the SAML-specific configuration is done in the security plugin, just activate SAML in your `opensearch_dashboards.yml` by adding the following: -``` -plugins.security.auth.type: "saml" +```yml +opensearch_security.auth.type: "saml" ``` In addition, the OpenSearch Dashboards endpoint for validating the SAML assertions must be whitelisted: -``` +```yml server.xsrf.whitelist: ["/_plugins/_security/saml/acs"] ``` diff --git a/assets/examples/saml-example.zip b/assets/examples/saml-example.zip index fb0e026509185bfe051b240cfe89cca9fdee6c05..32c53c525b99791e634f2fc0d07ab84a322efe5b 100644 GIT binary patch literal 4580 zcmcIn2{hDg7ymPsk+GCLvSiQR*g_bg#Jpq}%UEU%Mz)a|TS>+;D8xjx*eTftA&DBL zC`-#*5^3|=B}(L#d^7cVlcTrOIp25ZJf8WVai06!`@g^6{aqVN5DP!RFjS-g;_H|H z{^0^70Rkq#U&SjN6Asf z9xDK-tUn4HLLlM;RPaGwfdns1FxE%K6GQOvz+-|v391nR{$E`QrrTje=!>zha}{sb z8aSX1X&F@lf2?InI{&fZd2<6QC1gC!Q|WjinEzZ&{9TItJ@}tg39pNAq;k0$xqCre zV$t)Yc~L9J`K#WOAx^Bi+m3w#AFRwhpLw-BA?=w<%!hms$(dUJaEGMDz7&#EF>hDe z10%E)yL?4R385~IwXVUKr@&;NXy%6i2a%iBbHzFFh+X8c&61(Av$pXWp# zjjKdO^ z_dCvU=&uH#$Zwn7Snfi>b^jy0#1wLQ?UOB)&LYZkypbnjr(MDi+NbaZ!P}Jb9Ewa1 z)Cb=anuA;ti|0tJ5uU;fTAn2`ZIkozWtzMT1Qw|gSkje#Cs#hG*FQ_^ z-TuS4wCycPk0e~(Y3hwT3*dA+yquLMfQg#0=ROnKEKt<{Z0Esm^PPOX0NCR8<@d z0s_%ycR3mXR)_qBhf@8UYx!+$WMd*IACbq89Tc+$`eqv4qal*5DNsX7pI}^-c8^pX zuSw!jY!&f&sHjQeww-xA@l`~EXdb&>D0Zjo*nXWWHSYP+Ib&8rO^>>}_jC#yCM${Z z9oL9=ESPklD!0813L0KqGQw!Ba7sl9pBM@eo8e~ZSZl8u&sE*vo^L(0`qiKBY1kAwp9>@bg96|p%8f|&2$%5ulkagmk-nL&JB}Y#useao$VPyfHjPdgG8>oJqsH%y z^fhjmkFStPZ)LKybcNFvZB#R*i>jx}*m;dbVRErV78a*K&$oKAC-BzRCutA%zo%1aohmbS4t_GRQeO88+vX3*|~t#MwM^77derxjRR*ccdaxy%wPZiy(Pf zOzcA_vFZ1K{(>wfWi-l(jYL>DRs?1@G-LXy2@)?0wEuScyLROxrfONmoTY%eq&}(j zd?16Cmryzi7&ktx?rzrb>dkYb#65e{65iD?t_`oKn4p*p$wVTPE?SVo@+J$(Jg-~# z>QhMaOPblz(e)1|?nL97$Hdt}0#tAJH9Z#VG(j!Ac#-=#o_qe9j^-5yq*WV{ZL0Lq zY*g5RkO$;HW8EoDwPLSiM9QvajgorL5qD)hs5WYIjVjcRefi}^laF_uM9cjzbFY>6 z9$TJRez7#S#UVUlq45q^RI5tVZT>9(+tYo!QJ1-nEW9hIt13FisOVNCkb0MnaYjvS zTrGdn>uCGGRP;{@=eJ6F)i=#SHHCOka7EBt(?N6P#>(7uI} zKHejReh1MQw6{l~_nRq?yWcR9>1|j{rpLvI?R(T`*T|#zO#mRV9wVN3te;n~3Kky_ zgeQ3YgO&I+J4^z7G4^#>d4fdY`_=iQMjgZsz>i9?_`qCc#2;O<9jIr`4D3gFQb4m? z2hO}T9;Z@sf;BYvRUmZU-tHTn{;;TzA=@5k1?d{@s#45=ZY|p63vAz8mDZvAksouW z-7F@c9LP_$(g;!xR*dqfSWc1g(Lr^G9^A%R#WAcP{YT&Fb9{|;riMkfL1dR3a?CT5 zJ)24nXjc-BJq^3$B0AvsNz)|aPcff*`rNd z+HdZ9G*+ta5#=v9*{Z`VBk5BO)r%CwBEuKCiBN`kpcqqA?QB!3HH=`zcC|HQ@O$rw z?64tFM$Ip$x=BFPrp<+3FK2a*>3tSAk9~cs^xZPLY+zbl{ha)@OXpm=T#^JJVC(4g zi^0d>-Ym8p&+PLjS$-ec>VNNR( z;QTgI_E+^!V=_A0HV0`Gh)nk{G!350tqgaPRqGQjf#XqJy=JYZ9kn=+^w!M5gqsEn z18+Rkklo&PvzZyyzM31&LmfDN^WNMZKCZP zYRrDCdsSQq&PtevC-VkVRC2T8hDt|G43X}G3JZ|*p1oY@J?Na9S3&}>AG>7^AyFpzBFKuEyJXs-Mq5qv2TS{YKR#RL*s7oYQL8jj=!RV zUNOpyZOd&g_iSXHDU>vjef+evZttn)Ew?g9zc_`8r>YiG9Y$Zf_Fd_Qwm|)5&g2-0 z8idiR^6Go&0Zyb&&CSVFTQ1X1=tY!eIcx8yKUWmaYI&BcuQM%4zAZKGt zF|@>ve_@he!0Y!I<$tNH-W@OZfE}Oiz2*}$W^xn+;@sm0-Gjhda(*!NTZwsGXzB+g z2ssEzL$R(1f{ueL9|*zcx)%x+a$Ir%# zjoocf?Q7jJ^xWFs&CqkJR!lNyTNlz#n)C+hZoQMWt&$-FR;`#s1phpypZNPlP>cq= zmPQy2c-4wYz8vd<`UPKX(2myz$8fe5j0|R4wPMnB$j^iOh2IT>WTn3m0N|j1#_2^r I%*A;659D54xX6c= z8RXTqu2j6s-Qa%x4fW$YV2js*XL1(>&+k-wq((f3`|n6DfXU^Y5pUvXHDd?3dSgXc z!=MU1c3Wd(;~Q|gP2pXM+`8h|C-CA%Dlx`!HwlhUn(uX4HU+8OJ>J1OP|@8-lRv9o z^r*qK8s3`Gv7d~DYPCjGNZmZGakJV=`m)7AW!JeX?uKE-6P-`)UDK9uTk2O zlIkdLu?x+aiQM6;=VHu9w_Z!+OijNF&Gt$=6f`JPU%9WM$LE1Vu66-}YC_)&ZIe;p z&cD^!BhGb09Z4c8oD*AXyL_Qz($ zu2L75irjgP`UBdw6p*(L1bS#CLo@oo1Br*z_R^*%D(UGgE1R7d;+5{V16igW#wm>m z9_EzRn10OO4@zB#f{NE;{fKnFM-ekV`F(zl9khDeHKrCUMKIMN{?k2(fn0#H_V^-R z5Bpp??bvxevU`o@1n=9451~JLE(Ob=d4MAeW`-}$sFL>2xhh)1y;41p_cK=>jvg2H z$JUhh?w-suPoA;uh?8!Ck!%)Xn&i0Jmfe+&Y!~_i3@?4OJM?6w#1EV?*0$r+gWhfh zl3RFq$M9ZSndLi`ECxHZ|F+?C>2H8I3>3EK#lmO|2mlb_`;U=dDI}7S5cytSSaVB9 z{2{$h*rer!NaD_#B3ZZQQMW$l27Ou2dX}?9MUn>`8u+ z_C4rJ%MbQ;M46wK?`Uo%xY>J<3})WEZ&xLkpUSvA9TR;aFed#Ar-^*2 zLg`-)B-%PFo=?m%DB5~?%v!fY-o8*i*n1{`zvx$$t9`XsHssQNeCFLtb2)i!)y76o zsWI_PP9c9-=HBM;NsViB3bV{q<#)**?-Hbl*X8S|M}yi7r|-w4boQyQd;|_ky8gy9 zAOIkO$8W&7zQz@LB>(``^}z9E_#B~zqI?*1CL@gcD}XKwePDI115g)XkkO|PKQ-$W zQjq;K2uw5gRR33}{FSmk*1^3qsGX0^%O6Ghnc#lzZg+S)4C$FD4(v;*n&p`c4jdiV zx4lw2WR{zEDGzZjY)j$1Bfu(+sFo4ZH?;k3bruk3<2NBj8FgneQjl3yL)o~roi9&s zcImQ~urMoeW+o8%x52anx$<^}L5J&jKGhrsQ_!}FHq~z-bJg3xwl+xnfx2CMXCTy* z3o|y!z&Y&EaDR}r&qiTEVXv&(%}&lJHo?A$dhX0p6_?6lN~+67L8PwYJCJPiLny?v z?D>mq2|sVAnu}-A36js)qqR?i?sP*a;mT1`1;Z0+(|dWly68uhF0^G1JZn{HRd0}l zoYrb+!q@UO!azvQR=Ma$#s|L=-({sfRfg>`)C3L)pm016lW7_k!t^3}`kr&D5ZtVI zNm2!#yAY_lWhQl-#?BBh(LNx-HHzE6Z?-qd&1s&E#q~|mBkpD+E=aly0%=whcP7HV zMnE4mBp0YzT6Q((3^i;}<#3&GS!eBBkU1&k}9rz~+HB|v8 ziWf`51;p#q0JHYw&1219SWAvrIM*)-aul`Fxbtk{!I=kds=g0=8`*1jg5a%yw>q<5 zQriG2WoQv_N@>`@q5)kUMM{;it%uKt#0YF^O+MuDRac&vq{WQ$H?I`>FV$=Pkgiqm zx?SrfeI^H<B1hYj9( zSE%|8>Br}vNsioV5l~xdFl`y0#N6e`D=HUj?mvEFOLOxhjmmb9A7OlW>?qP;emi&S zh0tb1g!yACiPTy9FKp&BtorATCCZH`FI6xrsH3rIALU`Q&UOItS6=~w9Ol!~Yn@ay60AlM%UTTZ zj|~WGPa$&cwX!U7?bRq^A%sHx$-njazdd|y5s|{L1*}NnSEGnUfvhX?8Dxqy|1bWl rsMuO0i8!ztMXYimU;b?H`b^zFU<3{$E<8K{01;lrLN>-qir)SUDuy(d