Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SAML API for generating SP metadata #49018

Closed
jkakavas opened this issue Nov 13, 2019 · 1 comment · Fixed by #64517
Closed

SAML API for generating SP metadata #49018

jkakavas opened this issue Nov 13, 2019 · 1 comment · Fixed by #64517
Assignees
@BigPandaToo
Labels
>enhancement :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) Team:Security Meta label for security team

Comments

@jkakavas
Copy link
Member

We currently provide a CLI utility for generating the SAML SP metadata for the Elastic Stack. We could potentially expose an API endpoint , i.e. _security/saml/metadata that will generate and return the metadata. This can be useful for Cloud
@jkakavas jkakavas added >enhancement :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) labels Nov 13, 2019
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security (:Security/Authentication)

@rjernst rjernst added the Team:Security Meta label for security team label May 4, 2020
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Nov 3, 2020
@BigPandaToo
Adding API for generating SAML SP metadata
860fd30 
Resolve elastic#49018
@BigPandaToo BigPandaToo mentioned this issue Nov 3, 2020
Merged
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Nov 3, 2020
@BigPandaToo
Adding API for generating SAML SP metadata
1180e64 
Resolves elastic#49018
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Nov 4, 2020
@BigPandaToo
Adding API for generating SAML SP metadata
1b18d9f 
Resolves elastic#49018
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Nov 4, 2020
@BigPandaToo
Adding API for generating SAML SP metadata
b076e6c 
Resolves elastic#49018
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Nov 5, 2020
@BigPandaToo
Adding API for generating SAML SP metadata
9d1a098 
Resolves elastic#49018
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Nov 5, 2020
@BigPandaToo
Adding API for generating SAML SP metadata
337f23c 
Resolves elastic#49018
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Nov 5, 2020
@BigPandaToo
Adding API for generating SAML SP metadata
6567e0f 
Resolves elastic#49018
BigPandaToo added a commit that referenced this issue Nov 6, 2020
@BigPandaToo @elasticmachine
Adding API for generating SAML SP metadata (#64517)
ad658c6 
* Adding API for generating SAML SP metadata
Resolve #49018

* Adding API for generating SAML SP metadata
Resolves #49018

* Adding API for generating SAML SP metadata
Resolves #49018

* Adding API for generating SAML SP metadata
Resolves #49018

* Adding API for generating SAML SP metadata
Resolves #49018

* Adding API for generating SAML SP metadata
Resolves #49018

* Adding API for generating SAML SP metadata
Resolves #49018

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Nov 6, 2020
@BigPandaToo @elasticmachine
Adding API for generating SAML SP metadata (elastic#64517)
324e2c0 
* Adding API for generating SAML SP metadata
Resolve elastic#49018

* Adding API for generating SAML SP metadata
Resolves elastic#49018

* Adding API for generating SAML SP metadata
Resolves elastic#49018

* Adding API for generating SAML SP metadata
Resolves elastic#49018

* Adding API for generating SAML SP metadata
Resolves elastic#49018

* Adding API for generating SAML SP metadata
Resolves elastic#49018

* Adding API for generating SAML SP metadata
Resolves elastic#49018

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
@BigPandaToo BigPandaToo mentioned this issue Nov 6, 2020
Merged
BigPandaToo added a commit that referenced this issue Nov 6, 2020
@BigPandaToo @elasticmachine
Adding API for generating SAML SP metadata (#64517) (#64731)
c6bfc96 
* Adding API for generating SAML SP metadata
Resolve #49018

* Adding API for generating SAML SP metadata
Resolves #49018

* Adding API for generating SAML SP metadata
Resolves #49018

* Adding API for generating SAML SP metadata
Resolves #49018

* Adding API for generating SAML SP metadata
Resolves #49018

* Adding API for generating SAML SP metadata
Resolves #49018

* Adding API for generating SAML SP metadata
Resolves #49018

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Nov 16, 2020
@BigPandaToo
Adding doc for the new API introduced by elastic#64517 - /_security/s…
50cf25a 
…aml/metadata/{realm}

Related to elastic#49018
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Nov 16, 2020
@BigPandaToo
Adding doc for the new API introduced by elastic#64517 - /_security/s…
d3a57fb 
…aml/metadata/{realm}

Related to elastic#49018
@BigPandaToo BigPandaToo mentioned this issue Nov 16, 2020
Merged
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Nov 16, 2020
@BigPandaToo
Adding doc for the new API introduced by elastic#64517 - /_security/s…
b44b4a9 
…aml/metadata/{realm}

Related to elastic#49018
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Nov 16, 2020
@BigPandaToo
Adding doc for the new API introduced by elastic#64517 - /_security/s…
d9a7e2e 
…aml/metadata/{realm}

Related to elastic#49018
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Nov 16, 2020
@BigPandaToo
Adding doc for the new API introduced by elastic#64517 - /_security/s…
64adf7f 
…aml/metadata/{realm}

Related to elastic#49018
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Nov 17, 2020
@BigPandaToo
Adding doc for the new API introduced by elastic#64517 - /_security/s…
ed189b3 
…aml/metadata/{realm}

Related to elastic#49018
BigPandaToo added a commit that referenced this issue Nov 17, 2020
@BigPandaToo @lcawl
Adding doc for the new API introduced by #64517 - /_security/saml/met…
0b69d91 
…adata/{realm} (#65065)

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves #53161

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

* [DOCS] Adds API to navigation tree

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

Co-authored-by: lcawl <lcawley@elastic.co>
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Nov 17, 2020
@BigPandaToo @lcawl
Adding doc for the new API introduced by elastic#64517 - /_security/s…
844d2ee 
…aml/metadata/{realm} (elastic#65065)

* Adding doc for the new API introduced by elastic#64517 - /_security/saml/metadata/{realm}

Related to elastic#49018

* Adding doc for the new API introduced by elastic#64517 - /_security/saml/metadata/{realm}

Related to elastic#49018

* Adding doc for the new API introduced by elastic#64517 - /_security/saml/metadata/{realm}

Related to elastic#49018

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves elastic#53161

* Adding doc for the new API introduced by elastic#64517 - /_security/saml/metadata/{realm}

Related to elastic#49018

* [DOCS] Adds API to navigation tree

* Adding doc for the new API introduced by elastic#64517 - /_security/saml/metadata/{realm}

Related to elastic#49018

* Adding doc for the new API introduced by elastic#64517 - /_security/saml/metadata/{realm}

Related to elastic#49018

Co-authored-by: lcawl <lcawley@elastic.co>
BigPandaToo added a commit that referenced this issue Nov 17, 2020
@BigPandaToo @lcawl
Adding doc for the new API introduced by #64517 - /_security/saml/met…
fb1d857 
…adata/{realm} (#65065) (#65158)

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm} (#65065)

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves #53161

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

* [DOCS] Adds API to navigation tree

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

Co-authored-by: lcawl <lcawley@elastic.co>

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs
Resolves #53161

Co-authored-by: lcawl lcawley@elastic.co
#65065
#backport

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs
Resolves #53161

Co-authored-by: lcawl lcawley@elastic.co
#65065
#backport

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs
Resolves #53161

Co-authored-by: lcawl lcawley@elastic.co
#65065
#backport

Co-authored-by: lcawl <lcawley@elastic.co>
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Nov 17, 2020
@BigPandaToo
Adding doc for the new API introduced by elastic#64517 - /_security/s…
7b1b8da 
…aml/metadata/{realm}

Related to elastic#49018
BigPandaToo added a commit that referenced this issue Dec 4, 2020
@BigPandaToo @elasticmachine
Adding a warning header when a license is about to expire (#64948)
0b586c2 
* This change adds a warning header when a license is about to expire

Resolves #60562

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves #53161

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

* Adding a warning header when a license is about to expire

Resolves #60562

* Addressing the PR feedback

* Switching back to adding the header during featureCheck to allow
warnings when authentication is disabled as well. Adding filterHeader
implementation to SecurityRestFilter exception handling to remove all
the warnings if authentication fails.

* Changing the wording for "expired" message to be consistent with the log
 messages; changing "today" calculation; adding a test case for failing
 authN to make sure we remove the warning header

* Small changes in the way we verify header in tests

* Nit changes

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Dec 4, 2020
@BigPandaToo @elasticmachine
Adding a warning header when a license is about to expire (elastic#64948
169c326 
)

* This change adds a warning header when a license is about to expire

Resolves elastic#60562

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves elastic#53161

* Adding doc for the new API introduced by elastic#64517 - /_security/saml/metadata/{realm}

Related to elastic#49018

* Adding a warning header when a license is about to expire

Resolves elastic#60562

* Addressing the PR feedback

* Switching back to adding the header during featureCheck to allow
warnings when authentication is disabled as well. Adding filterHeader
implementation to SecurityRestFilter exception handling to remove all
the warnings if authentication fails.

* Changing the wording for "expired" message to be consistent with the log
 messages; changing "today" calculation; adding a test case for failing
 authN to make sure we remove the warning header

* Small changes in the way we verify header in tests

* Nit changes

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
BigPandaToo added a commit that referenced this issue Dec 5, 2020
@BigPandaToo @elasticmachine
Adding a warning header when a license is about to expire #64948 (#65900
e0b75c9 
)

* Adding a warning header when a license is about to expire (#64948)

* This change adds a warning header when a license is about to expire

Resolves #60562

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves #53161

* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm}

Related to #49018

* Adding a warning header when a license is about to expire

Resolves #60562

* Addressing the PR feedback

* Switching back to adding the header during featureCheck to allow
warnings when authentication is disabled as well. Adding filterHeader
implementation to SecurityRestFilter exception handling to remove all
the warnings if authentication fails.

* Changing the wording for "expired" message to be consistent with the log
 messages; changing "today" calculation; adding a test case for failing
 authN to make sure we remove the warning header

* Small changes in the way we verify header in tests

* Nit changes

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

* Resolving backporting issue: adding copyMapWithRemovedEntry() util function
Fixing unused imports

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Dec 15, 2020
@BigPandaToo
Adding information about SAML API to SAML guide
c252688 
Adding information about new SAML metadata API to SAML guid

Related:#elastic#49018
@BigPandaToo BigPandaToo mentioned this issue Dec 15, 2020
Merged
@stevejgordon stevejgordon mentioned this issue Dec 17, 2020
Closed
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Dec 18, 2020
@BigPandaToo
Adding information about SAML API to SAML guide
ac705ec 
Adding information about new SAML metadata API to SAML guid

Related: elastic#49018
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Dec 20, 2020
@BigPandaToo
Adding information about SAML API to SAML guide
26cf148 
Adding information about new SAML metadata API to SAML guid

Related: elastic#49018
BigPandaToo added a commit that referenced this issue Dec 21, 2020
@BigPandaToo @lcawl
Adding information about SAML API to SAML guide (#66404)
6b725f8 
* Adding information about SAML API to SAML guide

Adding information about new SAML metadata API to SAML guid

Related:##49018
Co-authored-by: lcawl <lcawley@elastic.co>
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Dec 21, 2020
@BigPandaToo @lcawl
Adding information about SAML API to SAML guide (elastic#66404)
a75a4db 
* Adding information about SAML API to SAML guide

Adding information about new SAML metadata API to SAML guid

Related:#elastic#49018
Co-authored-by: lcawl <lcawley@elastic.co>
@BigPandaToo BigPandaToo mentioned this issue Dec 21, 2020
Merged
BigPandaToo added a commit that referenced this issue Dec 21, 2020
@BigPandaToo @lcawl
Adding information about SAML API to SAML guide (#66404) (#66680)
8532092 
* Adding information about SAML API to SAML guide

Adding information about new SAML metadata API to SAML guid

Related:##49018
Co-authored-by: lcawl <lcawley@elastic.co>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@BigPandaToo BigPandaToo

Labels
>enhancement :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) Team:Security Meta label for security team
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Adding API for generating SAML SP metadata BigPandaToo/elasticsearch
4 participants
@rjernst @jkakavas @elasticmachine @BigPandaToo