Saml, AzureAD and roles #35
Comments
Hi @Adelbertt, when you said "...we confirmed we can Authenticate..." are you talking about Basic Auth or SAML Auth?
SAML. For the roles I'm still testing; it seems we can't define a roles_key containing `:`, so I'm trying something like schemas.microsoft.com/identity/claims/tenantid. The user is still getting missing tenant. The roles name should be a backend role in the roles mapping, right?
We see the roles we attributed to the user in the SAML response, but I think our problem is that we aren't sure how we can map the role inside the plugin to allow a tenant and such. Thanks
So apparently this would be one of the problems...
@Adelbertt this happens because your SAML response doesn't have this
You need to add
Yeah, the roles you retrieve from
So inspecting the JWT ...
So I changed the syntax on the roles_keys and now we are retrieving the roles in the JWT.
After that we were able to assign the backend_role to a roles_mapping and everything works!
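An inspection aid for the situation in this thread (roles visible in the SAML response but not picked up through roles_key), added here as an example and not code from the thread or the plugin: it lists the attribute names in a response and reports whether a candidate roles_key matches one exactly. The sample response, role names and helper names are constructed, and exact name matching is an assumption about how roles_key is applied.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a trimmed, unsigned response with two attributes.
# Inspection only; nothing here validates the response signature.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid">
        <saml:AttributeValue>00000000-0000-0000-0000-000000000000</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
        <saml:AttributeValue>kibana_admins</saml:AttributeValue>
        <saml:AttributeValue>log_readers</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def saml_attributes(xml_text):
    """Return {attribute Name: [values]} for every Attribute in the response."""
    attrs = {}
    for attr in ET.fromstring(xml_text).iterfind(".//saml:Attribute", SAML_NS):
        name = attr.get("Name")
        if name is None:
            continue
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(name, []).extend(values)
    return attrs


def _norm(name):
    # Ignore case, URL scheme and trailing slash when looking for near misses.
    return name.lower().split("://", 1)[-1].rstrip("/")


def check_roles_key(xml_text, roles_key):
    """Report the values a roles_key selects, or attribute names that nearly match it."""
    attrs = saml_attributes(xml_text)
    if roles_key in attrs:
        return {"match": True, "roles": attrs[roles_key], "near_misses": []}
    near = [n for n in attrs if _norm(n) == _norm(roles_key)]
    return {"match": False, "roles": [], "near_misses": near}
```

The values returned under `roles` are the names that would need to appear as backend roles in a roles mapping.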
Hi,
We've deployed OD, we confirmed we can Authenticate and manage roles inside Kibana's GUI. We tried to assign users according to the roles/groups they are part of inside our AzureAD but we were unsuccessful. To us it seems we need to configure the authz sections but since we are using Azure we do not know how we can configure OD to retrieve the roles/group. Everything we do ends up having the user get Missing Tenant error.
SAML response w/ Claim