SamlSettings
editSamlSettings
editThe configuration for the Elasticsearch security SAML realm.
Properties
edit-
attributes
(SamlAttributeSettings
, required) - The SAML attribute mapping configuration
-
enabled
(boolean
) - When true, enables the security realm
-
encryption_certificate_url
(string
) - The SAML encryption certificate bundle URL. The bundle should be a zip file containing 'encryption.key' and 'encryption.pem' files in the directory '/saml/:id', where :id is the value of the [id] field.
-
encryption_certificate_url_password
(string
) - The password to the encryption certificate bundle
-
force_authn
(boolean
) - Specifies whether to set the ForceAuthn attribute when requesting that the IdP authenticate the current user. If set to true, the IdP is required to verify the user's identity, irrespective of any existing sessions they might have.
-
id
(string
, required) - The identifier for the security realm
-
idp
(SamlIdpSettings
, required) - The SAML Identity Provider configuration
-
name
(string
, required) - The friendly name of the security realm
-
nameid_format
(string
) - The NameID format. If not specified the IdP default is used. Example: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
-
order
(integer
asint32
) - The order that the security realm is evaluated
-
override_yaml
(string
) - Advanced configuration options in YAML format. Any settings defined here will override any configuration set via the API. Note that all keys should omit 'xpack.security.authc.realms.{realm_type}.{realm_id}'.
-
role_mappings
(SamlSecurityRealmRoleMappingRules
) - The role mapping rules associated with the security realm
-
signing_certificate_url
(string
) - The SAML signing certificate bundle URL. The bundle should be a zip file containing 'signing.key' and 'signing.pem' files in the directory '/saml/:id', where :id is the value of the [id] field.
-
signing_certificate_url_password
(string
) - The password to the signing certificate bundle
-
signing_saml_messages
(array[
string
)]
- A list of SAML message types that should be signed. Each element in the list should be the local name of a SAML XML Element. Supported element types are AuthnRequest, LogoutRequest and LogoutResponse. Only valid if a signing certificate is also specified.
-
sp
(SamlSpSettings
, required) - The SAML Service Provider configuration
-
ssl_certificate_url
(string
) - The SSL trusted CA certificate bundle URL. The bundle should be a zip file containing a single keystore file 'keystore.ks' Note that all keys should omit the 'xpack.security.authc.realms.saml.{realm_id}' prefix. For example, when the realm ID is set to 'saml1', the advanced configuration 'xpack.security.authc.realms.saml.saml1.ssl.verification_mode: full' should be added as 'ssl.verification_mode: full'.
-
ssl_certificate_url_truststore_password
(string
) - The password to the SSL certificate bundle URL truststore
-
ssl_certificate_url_truststore_type
(string
; allowed values: [jks
,PKCS12
]) - The format of the keystore file. Should be jks to use the Java Keystore format or PKCS12 to use PKCS#12 files. The default is jks.
Example
edit{ "attributes" : { "dn" : "string", "groups" : "string", "mail" : "string", "name" : "string", "principal" : "string" }, "enabled" : true, "encryption_certificate_url" : "string", "encryption_certificate_url_password" : "string", "force_authn" : true, "id" : "string", "idp" : { "entity_id" : "string", "metadata_path" : "string", "use_single_logout" : true }, "name" : "string", "nameid_format" : "string", "order" : 0, "override_yaml" : "string", "role_mappings" : { "default_roles" : [ "string" ], "rules" : [ { "roles" : [ "string" ], "type" : "string", "value" : "string" } ] }, "signing_certificate_url" : "string", "signing_certificate_url_password" : "string", "signing_saml_messages" : [ "string" ], "sp" : { "acs" : "string", "entity_id" : "string", "logout" : "string" }, "ssl_certificate_url" : "string", "ssl_certificate_url_truststore_password" : "string", "ssl_certificate_url_truststore_type" : "string" }