Add Issuer to SAML WARN log events

[n1v0lg]

Description

To aid debugging, we can extend our current WARN log messages for the SAML realm to include the issuer (if available). This will make it easier to diagnose false positive log messages (e.g., around signature validation failure) for deployments that have multiple SAML realms configured.

We should also improve our SAML common issues docs to mention that the WARN log can be benign in multi-realm setups.

[elasticsearchmachine]

Pinging @elastic/es-security (Team:Security)

[rseldner]

I see a PR for 9.1.0 has merged. 🚀
Any chance that can get back-ported to 8.x?

[richard-dennehy]

Sure, backports created:

• [8.x] Add Issuer to failed SAML Signature validation logs when available (#126310) #127218
• [9.0] Add Issuer to failed SAML Signature validation logs when available (#126310) #127219
• [8.18] Add Issuer to failed SAML Signature validation logs when available (#126310) #127220
• [8.17] Add Issuer to failed SAML Signature validation logs when available (#126310) #127221

[rseldner]

Awesome! TY!