elastic · jkakavas · Jul 24, 2019 · Jul 22, 2019 · Jul 22, 2019 · Jul 22, 2019
diff --git a/docs/en/stack/security/troubleshooting.asciidoc b/docs/en/stack/security/troubleshooting.asciidoc
@@ -431,64 +431,23 @@ Authentication in {kib} fails and the following error is printed in the {es}
 logs:
 
 ....
-Cannot find any matching realm for [SamlPrepareAuthenticationRequest{realmName=null,
+Cannot find any matching realm for [SamlPrepareAuthenticationRequest{realmName=saml1,
 assertionConsumerServiceURL=https://my.kibana.url/api/security/v1/saml}]
 ....
 
 *Resolution:*
 
-{es}, {kib} and your Identity Provider need all have the same view on what the
-Assertion Consumer Service URL of the SAML Service Provider is.
+In order to initiate a SAML authentication, {kib} needs to know which SAML realm
+it should use from the ones that are configured in {es}. You can use the
+`xpack.security.authc.saml.reaml` setting to explicitly set the SAML realm name
+in {kib}. It must match the name of the SAML realm that is configured in {es}.  
 
-.. {es} discovers this via the `sp.acs` setting in your {es} SAML realm configuration
-.. {kib} constructs this value using the `server.host` and `server.port` in 
-`kibana.yml`. For instance:
-+
-[source, shell]
------------------------------------------------
-server.host: kibanaserver.org
-server.port: 3456
------------------------------------------------
-+
-These settings would mean that {kib} would construct the Assertion Consumer
-Service URL as `https://kibanaserver.org:3456/api/security/v1/saml`. However,
-if for example, {kib} is behind a reverse proxy and you have configured the
-following  `xpack.security.public.*` settings:
-+
-[source, shell]
------------------------------------------------
-xpack.security.public:
-  protocol: https
-  hostname: kibana.proxy.com
-  port: 8080
------------------------------------------------
-+
-These settings would instruct {kib} to construct the Assertion Consumer Service
-URL as `https://kibana.proxy.com:8080/api/security/v1/saml`
+If you get an error like the one above, it possibly means that the value of 
+`xpack.security.authc.saml.reaml` in your {kib} configuration is wrong. Verify
+that it matches the name of the configured realm in {es}, which is the string
+after `xpack.security.authc.realms.saml.` in your {es} configuration.
 
-.. The SAML Identity Provider is either explicitly configured by the IdP
-administrator or consumes the SAML metadata that are generated by {es} and as
-such contain the same value for the
-as the one
-that is configured in the the `sp.acs` setting in the {es} SAML realm
-configuration. 
 --
-+
-The error encountered here indicates that the Assertion Consumer Service URL
-that {kib} has constructed via one of the aforementioned ways
-(`https://my.kibana.url/api/security/v1/saml`) is not the one that {es} is
-configured with. Note that these two URLs are compared as case-sensitive strings
-and not as canonicalized URLs.
-+
-Often, this can be resolved by changing the `sp.acs` URL in `elasticearch.yml`
-to match the value that {kib} has constructed. Note however, that the SAML IdP
-configuration needs to also be adjusted to reflect this change.
-+
-Alternatively, if you think {kib} is using the wrong value for the Assertion
-Consumer Service URL, you will need to change the configuration in `kibana.yml`
-by adjusting either the `server.host` and `server.port` to change the URL {kib}
-listens to or the `xpack.security.public.*` settings to make {kib} aware about
-its correct public URL.
 
 . *Symptoms:*
 +