Ignoring setting because the IdP metadata is being loaded from a file – How to solve this Elasticsearch error

Opster Team

Aug-23, Version: 6.8-7.15

Briefly, this error occurs when Elasticsearch’s Security feature is configured to use SAML authentication, and the Identity Provider (IdP) metadata is being loaded from a file. The system is ignoring a certain setting because it’s not needed when loading metadata from a file. To resolve this, ensure that the settings in your SAML configuration are correct. If a setting is not required because you’re loading from a file, you can remove it to avoid this warning. Alternatively, if you need the ignored setting, consider loading your IdP metadata from a URL instead.

This guide will help you check for common problems that cause the log ” Ignoring setting [{}] because the IdP metadata is being loaded from a file ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin, metadata.

 
 

plugins

 
 

metadata

Overview

Metadata in Elasticsearch refers to additional information stored for each document. This is achieved using the specific metadata fields available in Elasticsearch. The default behavior of some of these metadata fields can be customized during mapping creation.

Examples

Using _meta meta-field for storing application-specific information with the mapping:

PUT /my_index?pretty
{
  "mappings": {
    "_meta": { 
      "domain": "security",
      "release_information": {
        "date": "18-01-2020",
        "version": "7.5"
      }
    }
  }
}

Notes

  • In version 2.x, Elasticsearch had a total 13 meta fields available, which are: _index, _uid, _type, _id, _source, _size, _all, _field_names, _timestamp, _ttl, _parent, _routing, _meta
  • In version 5.x, _timestamp and _ttl meta fields were removed.
  • In version 6.x, the _parent meta field was removed.
  • In version 7.x, _uid and _all meta fields were removed.
 
 

Log Context

Log “Ignoring setting [{}] because the IdP metadata is being loaded from a file” classname is SamlRealm.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :

        final String entityId = require(config; IDP_ENTITY_ID);
        final Path path = config.env().configFile().resolve(metadataPath);
        final FilesystemMetadataResolver resolver = new FilesystemMetadataResolver(path.toFile());

        if (config.hasSetting(IDP_METADATA_HTTP_REFRESH)) {
            logger.info("Ignoring setting [{}] because the IdP metadata is being loaded from a file";
                    RealmSettings.getFullSettingKey(config; IDP_METADATA_HTTP_REFRESH));
        }

        // We don't want to rely on the internal OpenSAML refresh timer; but we can't turn it off; so just set it to run once a day.
        // @TODO : Submit a patch to OpenSAML to optionally disable the timer

 

 [ratemypost]

Related Articles

Back to all articles