I am trying to set up authentication with Okta for an internal Elastic stack on Google Cloud. After all configurations have been completed to the best of my knowledge, at this moment every time I hit the Elastic stack URL it redirects to the Okta login page; I put in my credentials, and the successful login brings me to the Okta internal dashboard. I then select the SAML app, but instead of directing me to the Elastic stack dashboard, it brings me back to Okta. My configurations are shown thus:
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kibana-ingress
  namespace: default
  annotations:
    nginx.ingress.kubernetes.io/temporal-redirect: "https://o1labs.okta.com/"
spec:
  ingressClassName: nginx
  rules:
  - host: *.*.*.*
    http:
      paths:
      - pathType: Prefix
        backend:
          service:
            name: kibana-kibana
            port:
              number: ****
        path: /
  # This section is only required if TLS is to be enabled for the Ingress
And the section of elastic.yaml configuration that concerns the SAML app is shown thus:
esConfig:
  elasticsearch.yml: |
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.http.ssl.enabled: true
    xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack:
      security:
        authc:
          realms:
            saml:
              cloud-saml:
                order: 2
                attributes.principal: "nameid"
                attributes.groups: "groups"
                idp.metadata.path: "http://o1labs.okta.com/app/exk4y6vlpojJuBXfn5d7/sso/saml/metadata"
                idp.entity_id: "http://www.okta.com/exk4y6vlpojJuBXfn5d7"
                sp.entity_id: "http://node.status.o1test.net/"
                sp.acs: "http://node.status.o1test.net/"
                sp.logout: "http://node.status.o1test.net/logout"
I'd like to know how this could be sorted out. This process will be considered successful if I hit the URL http://node.status.o1test.net/ and it redirects to https://o1labs.okta.com/, I log in with my credentials, the successful login yields the Okta dashboard, and then when I hit the SAML app it directs me to the actual Elastic dashboard.
Please review and let me know if there are other questions - thanks a million!
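Added example, not part of the question above: a small consistency check for an Elasticsearch SAML realm that fronts Kibana, run against the values posted in the question. It assumes Kibana is the SAML service provider (so the assertion consumer service path is Kibana's documented `/api/security/saml/callback` and the logout path `/logout`), and it treats an ingress-nginx `temporal-redirect` or `permanent-redirect` annotation as a finding because that annotation makes nginx answer every request to the Ingress, including the SAML response POSTed to the ACS, with a redirect. The `check_saml_realm` and `kibana_sp_settings` functions are constructed for this example and are not Elastic or Okta tooling.

```python
"""Consistency checks for an Elasticsearch SAML realm whose SP is Kibana.

Added example (hypothetical helper names); the realm and Ingress values
below are copied from the question, nothing else is taken from Elastic.
"""
from urllib.parse import urlparse

# Kibana's documented SAML endpoints, relative to the Kibana base URL.
KIBANA_ACS_PATH = "/api/security/saml/callback"
KIBANA_LOGOUT_PATH = "/logout"

# Settings a SAML realm needs when Kibana is the service provider.
REQUIRED_KEYS = ("order", "attributes.principal", "idp.metadata.path",
                 "idp.entity_id", "sp.entity_id", "sp.acs", "sp.logout")

# URLs that must be served over TLS: the ACS receives the signed assertion,
# the logout endpoint receives LogoutRequests, and the metadata URL is where
# the IdP signing certificate is fetched from.
TLS_REQUIRED_KEYS = ("idp.metadata.path", "sp.acs", "sp.logout")

# ingress-nginx annotations that turn the whole Ingress into a redirect, so
# the browser's POST to the ACS never reaches Kibana.
BLANKET_REDIRECT_ANNOTATIONS = (
    "nginx.ingress.kubernetes.io/temporal-redirect",
    "nginx.ingress.kubernetes.io/permanent-redirect",
)

# Values copied from the posted elasticsearch.yml realm and Ingress.
POSTED_REALM = {
    "order": 2,
    "attributes.principal": "nameid",
    "attributes.groups": "groups",
    "idp.metadata.path": "http://o1labs.okta.com/app/exk4y6vlpojJuBXfn5d7/sso/saml/metadata",
    "idp.entity_id": "http://www.okta.com/exk4y6vlpojJuBXfn5d7",
    "sp.entity_id": "http://node.status.o1test.net/",
    "sp.acs": "http://node.status.o1test.net/",
    "sp.logout": "http://node.status.o1test.net/logout",
}
POSTED_INGRESS_ANNOTATIONS = {
    "nginx.ingress.kubernetes.io/temporal-redirect": "https://o1labs.okta.com/",
}


def check_saml_realm(realm, ingress_annotations=None):
    """Return a list of human-readable findings; an empty list means none."""
    findings = []
    for key in REQUIRED_KEYS:
        if key not in realm:
            findings.append(f"{key}: missing")
    for key in TLS_REQUIRED_KEYS:
        url = realm.get(key)
        if url and urlparse(url).scheme != "https":
            findings.append(f"{key}: {url} is not https")
    acs = realm.get("sp.acs")
    if acs and urlparse(acs).path != KIBANA_ACS_PATH:
        findings.append(f"sp.acs: path {urlparse(acs).path!r} is not Kibana's "
                        f"callback {KIBANA_ACS_PATH}")
    logout = realm.get("sp.logout")
    if logout and urlparse(logout).path != KIBANA_LOGOUT_PATH:
        findings.append(f"sp.logout: path {urlparse(logout).path!r} is not "
                        f"Kibana's logout endpoint {KIBANA_LOGOUT_PATH}")
    for annotation, target in (ingress_annotations or {}).items():
        if annotation in BLANKET_REDIRECT_ANNOTATIONS:
            findings.append(f"ingress: {annotation} -> {target} redirects every "
                            "request, including the SAML response POSTed to the "
                            "ACS, away from Kibana")
    return findings


def kibana_sp_settings(kibana_base_url):
    """Derive the sp.* settings Kibana expects from its public base URL.

    sp.entity_id is an opaque identifier that must match the Audience URI
    configured in the Okta application; the Kibana base URL is the convention.
    """
    base = kibana_base_url.rstrip("/")
    return {
        "sp.entity_id": base + "/",
        "sp.acs": base + KIBANA_ACS_PATH,
        "sp.logout": base + KIBANA_LOGOUT_PATH,
    }


if __name__ == "__main__":
    for finding in check_saml_realm(POSTED_REALM, POSTED_INGRESS_ANNOTATIONS):
        print("-", finding)
    print(kibana_sp_settings("https://node.status.o1test.net"))
```

Run against the posted values the check reports the plaintext `http` endpoints, the ACS pointing at `/` instead of Kibana's callback, and the blanket Ingress redirect; feeding the output of `kibana_sp_settings` back into the realm (with an `https` metadata URL and no redirect annotation) yields no findings.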