ECE redirects - SAML sign outgoing messages (#2012)

eedugon · web-flow · commit 5d8ff2be19d6 · 2025-07-03T20:29:39.000Z
Adds https://www.elastic.co/guide/en/cloud-enterprise/current/ece-sign-outgoing-saml-message.html to the appropriate doc as a mapped_page. This is part of the work for elastic/docs-projects#494 In a parallel activity we will request the redirect of that page to https://www.elastic.co/docs/deploy-manage/users-roles/cluster-or-deployment-auth/saml#_configuring_es_for_signing In this case I think the problem was caused by a typo (`_` instead of `-`). We already had this redirection and mapped_page configured, which is probably wrong: https://www.elastic.co/guide/en/cloud-enterprise/current/ece_sign_outgoing_saml_message.html I believe there's a typo and we could remove the redirection and the mapped_page of the underscored case. But I won't be doing it until I get confirmation from @colleenmcginnis or @shainaraskas . @shainaraskas : I have also added a small update in the SAML doc as all the links about `custom bundles` need to be separated between ECH and ECE, because the procedures are completely different. let me know your thoughts and if you want to change the wording.
diff --git a/deploy-manage/users-roles/cluster-or-deployment-auth/saml.md b/deploy-manage/users-roles/cluster-or-deployment-auth/saml.md
@@ -2,6 +2,7 @@
 navigation_title: SAML
 mapped_pages:
   - https://www.elastic.co/guide/en/elasticsearch/reference/current/saml-realm.html
+  - https://www.elastic.co/guide/en/cloud-enterprise/current/ece-sign-outgoing-saml-message.html
   - https://www.elastic.co/guide/en/cloud-enterprise/current/ece_sign_outgoing_saml_message.html
   - https://www.elastic.co/guide/en/cloud-enterprise/current/ece_optional_settings.html
   - https://www.elastic.co/guide/en/cloud-enterprise/current/ece-securing-clusters-SAML.html
@@ -158,7 +159,7 @@ idp.metadata.path
     :::{tip}
     If you want to pass a file path, then review the following:
     * File path settings are resolved relative to the {{es}} config directory. {{es}} will automatically monitor this file for changes and will reload the configuration whenever it is updated.
-    * If you're using {{ece}} or {{ech}}, then you must upload the file [as a custom bundle](/deploy-manage/deploy/elastic-cloud/upload-custom-plugins-bundles.md) before it can be referenced.
+    * If you're using {{ech}} or {{ece}}, then you must upload the file before it can be referenced. For {{ech}}, upload the file [as a custom bundle](/deploy-manage/deploy/elastic-cloud/upload-custom-plugins-bundles.md). For {{ece}}, follow the equivalent [ECE procedure](/deploy-manage/deploy/cloud-enterprise/add-custom-bundles-plugins.md).
     * If you're using {{eck}}, then install the file as [custom configuration files](/deploy-manage/deploy/cloud-on-k8s/custom-configuration-files-plugins.md#use-a-volume-and-volume-mount-together-with-a-configmap-or-secret).
     :::
 
@@ -416,11 +417,11 @@ Encryption certificates can be generated with the same process.
 
 ### Sign outgoing SAML messages [_configuring_es_for_signing]
 
-By default, {{es}} will sign *all* outgoing SAML messages if a signing key has been configured.
+By default, {{es}} will sign *all* outgoing SAML messages if a signing certificate and key has been configured.
 
 :::{tip}
 * In self-managed clusters, file path settings is resolved relative to the {{es}} config directory. {{es}} will automatically monitor this file for changes and will reload the configuration whenever it is updated.
-* If you're using {{ece}} or {{ech}}, then you must upload any certificate or keystore files [as a custom bundle](/deploy-manage/deploy/elastic-cloud/upload-custom-plugins-bundles.md) before it can be referenced. You can add this file to your existing SAML bundle.
+* If you're using {{ech}} or {{ece}}, then you must upload any certificate or keystore files before they can be referenced in the configuration. For {{ech}}, upload them [as a custom bundle](/deploy-manage/deploy/elastic-cloud/upload-custom-plugins-bundles.md). For {{ece}}, follow the equivalent [ECE procedure](/deploy-manage/deploy/cloud-enterprise/add-custom-bundles-plugins.md). In both cases, you can add the files to your existing SAML bundle.
 * If you're using {{eck}}, then install the files as [custom configuration files](/deploy-manage/deploy/cloud-on-k8s/custom-configuration-files-plugins.md#use-a-volume-and-volume-mount-together-with-a-configmap-or-secret).
 :::
 
@@ -484,7 +485,7 @@ If an `Assertion` contains both encrypted and plain-text attributes, then failur
 
 :::{tip}
 * In self-managed clusters, file path settings is resolved relative to the {{es}} config directory. {{es}} will automatically monitor this file for changes and will reload the configuration whenever it is updated.
-* If you're using {{ece}} or {{ech}}, then you must upload any certificate or keystore files [as a custom bundle](/deploy-manage/deploy/elastic-cloud/upload-custom-plugins-bundles.md) before it can be referenced. You can add this file to your existing SAML bundle.
+* If you're using {{ech}} or {{ece}}, then you must upload any certificate or keystore files before they can be referenced in the configuration. For {{ech}}, upload them [as a custom bundle](/deploy-manage/deploy/elastic-cloud/upload-custom-plugins-bundles.md). For {{ece}}, follow the equivalent [ECE procedure](/deploy-manage/deploy/cloud-enterprise/add-custom-bundles-plugins.md). In both cases, you can add the files to your existing SAML bundle.
 * If you're using {{eck}}, then install the files as [custom configuration files](/deploy-manage/deploy/cloud-on-k8s/custom-configuration-files-plugins.md#use-a-volume-and-volume-mount-together-with-a-configmap-or-secret).
 :::
 
