From 50cf25a5ba26fdb5c15dff9b786fcabdf636fdbb Mon Sep 17 00:00:00 2001
From: BigPandaToo
Date: Sun, 15 Nov 2020 19:14:39 +0100
Subject: [PATCH 1/8] Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm} Related to #49018
---
.../security/saml_sp_metadata.asciidoc | 43 +++++++++++++++++++
1 file changed, 43 insertions(+)
create mode 100644 x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc
diff --git a/x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc b/x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc
new file mode 100644
index 0000000000000..2e73b72292b34
--- /dev/null
+++ b/x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc
@@ -0,0 +1,43 @@
+[role="xpack"]
+[[security-api-saml-sp-metadata]]
+=== SAML sp metadata API
+
+Generate a SAML 2.0 Service Provider Metadata.
+
+[[security-api-saml-sp-metadata-request]]
+==== {api-request-title}
+
+`POST /_security/saml/metadata/`
+
+[[security-api-saml-sp-metadata-desc]]
+==== {api-description-title}
+
+The SAML 2.0 specification provides a mechanism for Service Providers to describe their
+capabilities and configuration using a metadata file.
+This API generates Service Provider metadata, based on the configuration of a SAML realm
+in Elasticsearch.
+
+[[security-api-saml-sp-metadata-response-body]]
+==== {api-response-body-title}
+
+`metadata`::
+(string) An XML string that contains a SAML Service Providers metadata for the realm.
+
+[[security-api-saml-sp-metadata-example]]
+==== {api-examples-title}
+
+The following example generate Service Provider metadata for
+SAML realm `saml1`:
+
+[source,console]
+--------------------------------------------------
+GET /_security/saml/metadata/saml1
+--------------------------------------------------
+The API returns the following response:
+
+[source,js]
+--------------------------------------------------
+{
+ "xml_metadata":"\n \n \n \n \n\n"
+}
+--------------------------------------------------
From d3a57fb70e97249653a23ae4f7ca0b1b7dbedeed Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Mon, 16 Nov 2020 13:51:25 +0100 Subject: [PATCH 2/8] Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm} Related to #49018 --- x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc b/x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc index 2e73b72292b34..975330c6a3dbf 100644 --- a/x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc +++ b/x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc @@ -38,6 +38,7 @@ The API returns the following response: [source,js] -------------------------------------------------- { - "xml_metadata":"\n \n \n \n \n\n" + "metadata" : "" } -------------------------------------------------- +// NOTCONSOLE From b44b4a97d6fba93a9184e9b0c0c1acb018bb6ec5 Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Mon, 16 Nov 2020 17:49:30 +0100 Subject: [PATCH 3/8] Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm} Related to #49018 --- .../en/rest-api/security/saml_sp_metadata.asciidoc | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc b/x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc index 975330c6a3dbf..e63bf578ca2e9 100644 --- a/x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc +++ b/x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc 
@@ -1,13 +1,13 @@ [role="xpack"] [[security-api-saml-sp-metadata]] -=== SAML sp metadata API +=== SAML service provider metadata API -Generate a SAML 2.0 Service Provider Metadata. +Generate SAML metadata for a SAML 2.0 Service Provider. [[security-api-saml-sp-metadata-request]] ==== {api-request-title} -`POST /_security/saml/metadata/` +`GET /_security/saml/metadata/` [[security-api-saml-sp-metadata-desc]] ==== {api-description-title} @@ -21,12 +21,12 @@ in Elasticsearch. ==== {api-response-body-title} `metadata`:: -(string) An XML string that contains a SAML Service Providers metadata for the realm. +(string) An XML string that contains a SAML Service Provider's metadata for the realm. [[security-api-saml-sp-metadata-example]] ==== {api-examples-title} -The following example generate Service Provider metadata for +The following example generates Service Provider metadata for SAML realm `saml1`: [source,console] @@ -35,10 +35,9 @@ GET /_security/saml/metadata/saml1 -------------------------------------------------- The API returns the following response: -[source,js] +[source,console-result] -------------------------------------------------- { "metadata" : "" } -------------------------------------------------- -// NOTCONSOLE From 3e03d5885f5c5172b0f428746d0d2d15b1bb698f Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Mon, 16 Nov 2020 19:27:08 +0100 Subject: [PATCH 4/8] This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs Resolves #53161 --- x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc b/x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc index e63bf578ca2e9..0f64f395db1a1 100644 --- a/x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc +++ b/x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc 
@@ -38,6 +38,6 @@ The API returns the following response: [source,console-result] -------------------------------------------------- { - "metadata" : "" + "metadata" : "" } -------------------------------------------------- From d9a7e2e5c9a097d0fa9970ae92493ca237728f33 Mon Sep 17 00:00:00 2001 From: BigPandaToo Date: Mon, 16 Nov 2020 20:05:51 +0100 Subject: [PATCH 5/8] Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm} Related to #49018 --- x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc b/x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc index 0f64f395db1a1..12d512b473c22 100644 --- a/x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc +++ b/x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc @@ -38,6 +38,6 @@ The API returns the following response: [source,console-result] -------------------------------------------------- { - "metadata" : "" + "metadata" : "" } -------------------------------------------------- From f7df5ab2828b51d076a4eb501e9ff0e096ac47e8 Mon Sep 17 00:00:00 2001 From: lcawl Date: Mon, 16 Nov 2020 12:43:54 -0800 Subject: [PATCH 6/8] [DOCS] Adds API to navigation tree --- x-pack/docs/en/rest-api/security.asciidoc | 2 ++ ...metadata.asciidoc => saml-sp-metadata.asciidoc} | 14 ++++++++++---- 2 files changed, 12 insertions(+), 4 deletions(-) rename x-pack/docs/en/rest-api/security/{saml_sp_metadata.asciidoc => saml-sp-metadata.asciidoc} (81%) diff --git a/x-pack/docs/en/rest-api/security.asciidoc b/x-pack/docs/en/rest-api/security.asciidoc index 9fbcb93cda4fa..e653f52bf3212 100644 --- a/x-pack/docs/en/rest-api/security.asciidoc +++ b/x-pack/docs/en/rest-api/security.asciidoc @@ -103,6 +103,7 @@ realm when using a custom web application other than Kibana * <> * <> * <> +* <> include::security/authenticate.asciidoc[] 
@@ -141,4 +142,5 @@ include::security/saml-prepare-authentication-api.asciidoc[] include::security/saml-authenticate-api.asciidoc[] include::security/saml-logout-api.asciidoc[] include::security/saml-invalidate-api.asciidoc[] +include::security/saml-sp-metadata.asciidoc[] include::security/ssl.asciidoc[] diff --git a/x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc b/x-pack/docs/en/rest-api/security/saml-sp-metadata.asciidoc similarity index 81% rename from x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc rename to x-pack/docs/en/rest-api/security/saml-sp-metadata.asciidoc index 12d512b473c22..ae0f8daaa9980 100644 --- a/x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc +++ b/x-pack/docs/en/rest-api/security/saml-sp-metadata.asciidoc @@ -7,16 +7,22 @@ Generate SAML metadata for a SAML 2.0 Service Provider. [[security-api-saml-sp-metadata-request]] ==== {api-request-title} -`GET /_security/saml/metadata/` +`GET /_security/saml/metadata/` [[security-api-saml-sp-metadata-desc]] ==== {api-description-title} -The SAML 2.0 specification provides a mechanism for Service Providers to describe their -capabilities and configuration using a metadata file. -This API generates Service Provider metadata, based on the configuration of a SAML realm +The SAML 2.0 specification provides a mechanism for Service Providers to +describe their capabilities and configuration using a metadata file. This API +generates Service Provider metadata, based on the configuration of a SAML realm in Elasticsearch. +[[security-api-saml-sp-metadata-path-params]] +==== {api-path-parms-title} + +``:: + (Required, string) The name of the SAML realm in {es}. + [[security-api-saml-sp-metadata-response-body]] ==== {api-response-body-title} From 64adf7fe0a5faa62db7116e038ae7a5f2dedbf41 Mon Sep 17 00:00:00 2001 
From: BigPandaToo Date: Mon, 16 Nov 2020 21:52:31 +0100 Subject: [PATCH 7/8] Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm} Related to #49018 --- x-pack/docs/build.gradle | 1 + x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/x-pack/docs/build.gradle b/x-pack/docs/build.gradle index 974f1c09b76c1..d3de8f564b465 100644 --- a/x-pack/docs/build.gradle +++ b/x-pack/docs/build.gradle @@ -56,6 +56,7 @@ testClusters.integTest { setting 'xpack.security.authc.realms.pki.pki1.certificate_authorities', '[ "testClient.crt" ]' setting 'xpack.security.authc.realms.pki.pki1.delegation.enabled', 'true' setting 'xpack.security.authc.realms.saml.saml1.order', '4' + setting 'xpack.security.authc.realms.saml.saml1.sp.logout', 'https://kibana.example.com/logout' setting 'xpack.security.authc.realms.saml.saml1.idp.entity_id', 'https://my-idp.org' setting 'xpack.security.authc.realms.saml.saml1.idp.metadata.path', 'idp-docs-metadata.xml' setting 'xpack.security.authc.realms.saml.saml1.sp.entity_id', 'https://kibana.org' diff --git a/x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc b/x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc index 12d512b473c22..3d17569411e46 100644 --- a/x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc +++ b/x-pack/docs/en/rest-api/security/saml_sp_metadata.asciidoc @@ -38,6 +38,6 @@ The API returns the following response: [source,console-result] -------------------------------------------------- { - "metadata" : "" + "metadata" : "" } -------------------------------------------------- From ed189b3f9465efe18fefda42b0f79f0a281f735e Mon Sep 17 00:00:00 2001 
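Review bot: The added `sp.logout` setting in `testClusters.integTest` has no comment saying why the docs test cluster needs it. The expected `console-result` in saml_sp_metadata.asciidoc changes in the same commit, so the realm settings and the documented response presumably have to be edited together. A comment above the `saml1` settings, such as `// saml1 sp.* values are rendered into the SP metadata asserted by the SAML SP metadata docs example; update both together`, would keep a later change to the realm from silently breaking the snippet test. The `testClusters.integTest` block starts and ends outside the hunk, so the other `saml1` settings (for example the ACS URL) are not visible here.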
From: BigPandaToo Date: Tue, 17 Nov 2020 10:33:01 +0100 Subject: [PATCH 8/8] Adding doc for the new API introduced by #64517 - /_security/saml/metadata/{realm} Related to #49018 --- x-pack/docs/build.gradle | 2 +- x-pack/docs/en/rest-api/security/saml-sp-metadata.asciidoc | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/x-pack/docs/build.gradle b/x-pack/docs/build.gradle index d3de8f564b465..06aec099fb2f5 100644 --- a/x-pack/docs/build.gradle +++ b/x-pack/docs/build.gradle @@ -56,7 +56,7 @@ testClusters.integTest { setting 'xpack.security.authc.realms.pki.pki1.certificate_authorities', '[ "testClient.crt" ]' setting 'xpack.security.authc.realms.pki.pki1.delegation.enabled', 'true' setting 'xpack.security.authc.realms.saml.saml1.order', '4' - setting 'xpack.security.authc.realms.saml.saml1.sp.logout', 'https://kibana.example.com/logout' + setting 'xpack.security.authc.realms.saml.saml1.sp.logout', 'https://kibana.org/logout' setting 'xpack.security.authc.realms.saml.saml1.idp.entity_id', 'https://my-idp.org' setting 'xpack.security.authc.realms.saml.saml1.idp.metadata.path', 'idp-docs-metadata.xml' setting 'xpack.security.authc.realms.saml.saml1.sp.entity_id', 'https://kibana.org' diff --git a/x-pack/docs/en/rest-api/security/saml-sp-metadata.asciidoc b/x-pack/docs/en/rest-api/security/saml-sp-metadata.asciidoc index 69259bae81c2f..b72ef36301b28 100644 --- a/x-pack/docs/en/rest-api/security/saml-sp-metadata.asciidoc +++ b/x-pack/docs/en/rest-api/security/saml-sp-metadata.asciidoc @@ -15,7 +15,7 @@ Generate SAML metadata for a SAML 2.0 Service Provider. The SAML 2.0 specification provides a mechanism for Service Providers to describe their capabilities and configuration using a metadata file. This API generates Service Provider metadata, based on the configuration of a SAML realm -in Elasticsearch. +in {es}. [[security-api-saml-sp-metadata-path-params]] ==== {api-path-parms-title} 
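Review bot: The new value `https://kibana.org/logout` swaps the reserved documentation domain `example.com` for `kibana.org`, which is not a reserved name. It does bring the logout host in line with `sp.entity_id` on the context line below. These realm values appear to feed the metadata shown in the published docs example, where readers tend to copy hosts verbatim into their own SP/IdP configuration. A follow-up could keep `https://kibana.example.com/logout` and move `sp.entity_id` and the other `saml1` URLs to the same reserved host, which keeps the endpoints consistent without a real third-party domain in the example. The `testClusters.integTest` block continues outside the hunk.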
@@ -39,11 +39,11 @@ SAML realm `saml1`: -------------------------------------------------- GET /_security/saml/metadata/saml1 -------------------------------------------------- -The API returns the following response: +The API returns the following response containing the SAML metadata as an XML string: [source,console-result] -------------------------------------------------- { - "metadata" : "" + "metadata" : "" } --------------------------------------------------