SAML Configuration: What does "you must use the same signing certificate on all search head members" mean?


Today, I use CA signed certificates on all search head cluster members. These members are behind a load balancer. The load balancer DNS name and the unique host name (per server) are present in the subject alternative name. The server certificate is part of a chain along with Intermediate and Root certificates. This all seems to work fine.

I need to configure SAML, and have, for a single member. I can't make heads or tails of the "configuring SAML in a search head cluster" doc. According to the doc, there is a common "signing certificate" I need to copy to the other members. What is this? Has anyone had experience with SAML configuration in a search head cluster? Your thoughts are appreciated.

0 Karma