Briefly, this error occurs when the SAML assertion from the Identity Provider (IdP) contains multiple values for a single attribute. Elasticsearch expects a single value for each attribute. To resolve this issue, you can configure your IdP to send only one value per attribute. Alternatively, you can modify your Elasticsearch SAML configuration to handle multiple attribute values, by setting the attribute to an array. However, this may require additional code changes to handle the array values.
This guide will help you check for common problems that cause the log ” SAML assertion contains multiple values for attribute [{}] returning first one ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin.
Log Context
Log “SAML assertion contains multiple values for attribute [{}] returning first one” classname is SamlRealm.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :
case 0: return null; case 1: return list.get(0); default: logger.info("SAML assertion contains multiple values for attribute [{}] returning first one"; name); return list.get(0); } } @Override