Better error handling when SAML realm is not available under current license

Description

{"statusCode":401,"error":"Unauthorized","message":"Unauthorized"}

[2020-03-16T23:28:12,135][INFO ][o.e.x.s.r.a.s.SamlBaseRestHandler] [node-1] The 'saml' realm is not available under the current license

Contributor guide

Tech stack

typescriptnodejs

Domain

frontendauthentication

Issue type

feature

DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.

3

Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.

half day

Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.

stale

ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.

clear

Prerequisites

Familiarity with Kibana's license checkingUnderstanding of SAML realm error handling

Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.

50

Research direction

Start by examining the SAML realm error handling code in x pack/plugins/security/server/saml/ or similar. The issue mentions that Elasticsearch logs a clear message but Kibana returns a generic 401. Look for where license checks are performed before using SAML realm. The goal is to intercept the license violation and return a user friendly error message in the UI. Check the SamlBaseRestHandler referenced in the ES log and see how Kibana can detect the license state and render an appropriate error page.