From 844d2eed1865a37dbef895d65ad00b62b9294de6 Mon Sep 17 00:00:00 2001
From: Lyudmila Fokina <35386883+BigPandaToo@users.noreply.github.com>
Date: Tue, 17 Nov 2020 16:42:53 +0100
Subject: [PATCH] Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm} (#65065)
* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm} Related to #49018
* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm} Related to #49018
* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm} Related to #49018
* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs Resolves #53161
* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm} Related to #49018
* [DOCS] Adds API to navigation tree
* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm} Related to #49018
* Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm} Related to #49018
Co-authored-by: lcawl
---
 x-pack/docs/build.gradle | 1 +
 x-pack/docs/en/rest-api/security.asciidoc | 2 +
 .../security/saml-sp-metadata.asciidoc | 49 +++++++++++++++++++
 3 files changed, 52 insertions(+)
 create mode 100644 x-pack/docs/en/rest-api/security/saml-sp-metadata.asciidoc
diff --git a/x-pack/docs/build.gradle b/x-pack/docs/build.gradle
index 9915683c74414..b23208a21d3bb 100644
--- a/x-pack/docs/build.gradle
+++ b/x-pack/docs/build.gradle
@@ -56,6 +56,7 @@ testClusters.integTest {
 setting 'xpack.security.authc.realms.pki.pki1.certificate_authorities', '[ "testClient.crt" ]'
 setting 'xpack.security.authc.realms.pki.pki1.delegation.enabled', 'true'
 setting 'xpack.security.authc.realms.saml.saml1.order', '4'
+ setting 'xpack.security.authc.realms.saml.saml1.sp.logout', 'https://kibana.org/logout'
 setting 'xpack.security.authc.realms.saml.saml1.idp.entity_id', 'https://my-idp.org'
 setting 'xpack.security.authc.realms.saml.saml1.idp.metadata.path', 'idp-docs-metadata.xml'
 setting 'xpack.security.authc.realms.saml.saml1.sp.entity_id', 'https://kibana.org'
diff --git a/x-pack/docs/en/rest-api/security.asciidoc b/x-pack/docs/en/rest-api/security.asciidoc
index 9fbcb93cda4fa..e653f52bf3212 100644
--- a/x-pack/docs/en/rest-api/security.asciidoc
+++ b/x-pack/docs/en/rest-api/security.asciidoc
@@ -103,6 +103,7 @@ realm when using a custom web application other than Kibana
 * <>
 * <>
 * <>
+* <>
 include::security/authenticate.asciidoc[]
@@ -141,4 +142,5 @@ include::security/saml-prepare-authentication-api.asciidoc[]
 include::security/saml-authenticate-api.asciidoc[]
 include::security/saml-logout-api.asciidoc[]
 include::security/saml-invalidate-api.asciidoc[]
+include::security/saml-sp-metadata.asciidoc[]
 include::security/ssl.asciidoc[]
diff --git a/x-pack/docs/en/rest-api/security/saml-sp-metadata.asciidoc b/x-pack/docs/en/rest-api/security/saml-sp-metadata.asciidoc
new file mode 100644
index 0000000000000..b72ef36301b28
--- /dev/null
+++ b/x-pack/docs/en/rest-api/security/saml-sp-metadata.asciidoc
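Review bot: In x-pack/docs/build.gradle the new `saml1.sp.logout` setting is inserted between `saml1.order` and the `idp.*` lines, away from `saml1.sp.entity_id` two lines below, and nothing says why the docs test cluster now needs it. Keeping the service-provider settings together and adding a one-line comment would help, e.g. `// sp.logout is set so the SP metadata docs example has a logout endpoint to render` (presumably the reason, given the commit's subject; confirm). The testClusters.integTest block starts and ends outside the hunk, so any further sp.* settings are not visible here.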
@@ -0,0 +1,49 @@
+[role="xpack"]
+[[security-api-saml-sp-metadata]]
+=== SAML service provider metadata API
+
+Generate SAML metadata for a SAML 2.0 Service Provider.
+
+[[security-api-saml-sp-metadata-request]]
+==== {api-request-title}
+
+`GET /_security/saml/metadata/`
+
+[[security-api-saml-sp-metadata-desc]]
+==== {api-description-title}
+
+The SAML 2.0 specification provides a mechanism for Service Providers to
+describe their capabilities and configuration using a metadata file. This API
+generates Service Provider metadata, based on the configuration of a SAML realm
+in {es}.
+
+[[security-api-saml-sp-metadata-path-params]]
+==== {api-path-parms-title}
+
+``::
+ (Required, string) The name of the SAML realm in {es}.
+
+[[security-api-saml-sp-metadata-response-body]]
+==== {api-response-body-title}
+
+`metadata`::
+(string) An XML string that contains a SAML Service Provider's metadata for the realm.
+
+[[security-api-saml-sp-metadata-example]]
+==== {api-examples-title}
+
+The following example generates Service Provider metadata for
+SAML realm `saml1`:
+
+[source,console]
+--------------------------------------------------
+GET /_security/saml/metadata/saml1
+--------------------------------------------------
+The API returns the following response containing the SAML metadata as an XML string:
+
+[source,console-result]
+--------------------------------------------------
+{
+ "metadata" : ""
+}
+--------------------------------------------------