SamlSettings

The configuration for the Elasticsearch security SAML realm.

Properties

attributes (SamlAttributeSettings, required)
The SAML attribute mapping configuration
enabled (boolean)
When true, enables the security realm
encryption_certificate_url (string)
The SAML encryption certificate bundle URL. The bundle should be a zip file containing 'encryption.key' and 'encryption.pem' files in the directory '/saml/:id', where :id is the value of the [id] field.
encryption_certificate_url_password (string)
The password to the encryption certificate bundle
force_authn (boolean)
Specifies whether to set the ForceAuthn attribute when requesting that the IdP authenticate the current user. If set to true, the IdP is required to verify the user's identity, irrespective of any existing sessions they might have.
id (string, required)
The identifier for the security realm
idp (SamlIdpSettings, required)
The SAML Identity Provider configuration
name (string, required)
The friendly name of the security realm
nameid_format (string)
The NameID format. If not specified, the IdP default is used. Example: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
order (integer as int32)
The order that the security realm is evaluated
override_yaml (string)
Advanced configuration options in YAML format. Any settings defined here will override any configuration set via the API. Note that all keys should omit the 'xpack.security.authc.realms.{realm_type}.{realm_id}' prefix.
role_mappings (SamlSecurityRealmRoleMappingRules)
The role mapping rules associated with the security realm
signing_certificate_url (string)
The SAML signing certificate bundle URL. The bundle should be a zip file containing 'signing.key' and 'signing.pem' files in the directory '/saml/:id', where :id is the value of the [id] field.
signing_certificate_url_password (string)
The password to the signing certificate bundle
signing_saml_messages (array[string])
A list of SAML message types that should be signed. Each element in the list should be the local name of a SAML XML Element. Supported element types are AuthnRequest, LogoutRequest and LogoutResponse. Only valid if a signing certificate is also specified.
sp (SamlSpSettings, required)
The SAML Service Provider configuration
ssl_certificate_url (string)
The SSL trusted CA certificate bundle URL. The bundle should be a zip file containing a single keystore file 'keystore.ks'. Note that all keys should omit the 'xpack.security.authc.realms.saml.{realm_id}' prefix. For example, when the realm ID is set to 'saml1', the advanced configuration 'xpack.security.authc.realms.saml.saml1.ssl.verification_mode: full' should be added as 'ssl.verification_mode: full'.
ssl_certificate_url_truststore_password (string)
The password to the SSL certificate bundle URL truststore
ssl_certificate_url_truststore_type (string; allowed values: [jks, PKCS12])
The format of the keystore file. Should be jks to use the Java Keystore format or PKCS12 to use PKCS#12 files. The default is jks.

Example

{
   "attributes" : {
      "dn" : "string",
      "groups" : "string",
      "mail" : "string",
      "name" : "string",
      "principal" : "string"
   },
   "enabled" : true,
   "encryption_certificate_url" : "string",
   "encryption_certificate_url_password" : "string",
   "force_authn" : true,
   "id" : "string",
   "idp" : {
      "entity_id" : "string",
      "metadata_path" : "string",
      "use_single_logout" : true
   },
   "name" : "string",
   "nameid_format" : "string",
   "order" : 0,
   "override_yaml" : "string",
   "role_mappings" : {
      "default_roles" : [
         "string"
      ],
      "rules" : [
         {
            "roles" : [
               "string"
            ],
            "type" : "string",
            "value" : "string"
         }
      ]
   },
   "signing_certificate_url" : "string",
   "signing_certificate_url_password" : "string",
   "signing_saml_messages" : [
      "string"
   ],
   "sp" : {
      "acs" : "string",
      "entity_id" : "string",
      "logout" : "string"
   },
   "ssl_certificate_url" : "string",
   "ssl_certificate_url_truststore_password" : "string",
   "ssl_certificate_url_truststore_type" : "string"
}
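
A pre-submission check for a SamlSettings payload, added here as an example (it is not part of the Elastic documentation or API). It enforces the constraints stated in the property descriptions above: required fields, the supported signing_saml_messages elements and their dependency on a signing certificate, the allowed truststore types, and the realm prefix that override_yaml keys must omit. The function name, the sample values and the flat `key: value` handling of override_yaml are assumptions.

```python
REQUIRED = ("attributes", "id", "idp", "name", "sp")
SIGNABLE = {"AuthnRequest", "LogoutRequest", "LogoutResponse"}
TRUSTSTORE_TYPES = {"jks", "PKCS12"}  # compared exactly as the page lists them
REALM_PREFIX = "xpack.security.authc.realms."


def lint_saml_settings(settings):
    """Return findings for a SamlSettings dict (hypothetical helper, not an Elastic API)."""
    findings = [f"missing required field: {f}" for f in REQUIRED if f not in settings]

    signed = settings.get("signing_saml_messages") or []
    findings += [f"unsupported signing_saml_messages element: {m}"
                 for m in signed if m not in SIGNABLE]
    # Signing is only valid when a signing certificate bundle is configured.
    if signed and not settings.get("signing_certificate_url"):
        findings.append("signing_saml_messages set without signing_certificate_url")

    ts_type = settings.get("ssl_certificate_url_truststore_type")
    if ts_type is not None and ts_type not in TRUSTSTORE_TYPES:
        findings.append(f"invalid truststore type: {ts_type}")

    # override_yaml keys must omit the realm prefix. Assumption: flat "key: value"
    # lines only; nested YAML would need a real YAML parser.
    for line in (settings.get("override_yaml") or "").splitlines():
        key = line.split(":", 1)[0].strip()
        if key.startswith(REALM_PREFIX):
            findings.append(f"override_yaml key carries realm prefix: {key}")
    return findings


# Constructed sample payload; every value here is made up for illustration.
SAMPLE = {
    "id": "saml1",
    "name": "Corporate SSO",
    "attributes": {"principal": "uid", "groups": "memberOf"},
    "idp": {"entity_id": "https://idp.example.com/",
            "metadata_path": "https://idp.example.com/metadata.xml",
            "use_single_logout": True},
    "force_authn": True,
    "signing_saml_messages": ["AuthnRequest", "Response"],
    "ssl_certificate_url_truststore_type": "pkcs12",
    "override_yaml": "xpack.security.authc.realms.saml.saml1.ssl.verification_mode: full",
}

if __name__ == "__main__":
    for finding in lint_saml_settings(SAMPLE):
        print(finding)
```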