SAML Group Attributes with more than one group

Hi,

I have been debugging this. I added a few roles. However, the result from AD is not getting mapped properly.

{"type": "server", "timestamp": "2019-11-14T09:21:33,380+0000", "level": "TRACE", "component": "o.e.x.s.a.s.SamlAuthenticator", "cluster.name": "elasticsearch", "node.name": "elasticsearch-master-1", "cluster.uuid": "HMg1OHjeStyagiftRLnf4A", "node.id": "_UsU_--ZQLGsvwtUla5udA",  "message": "*SAML AttributeStatement has [2] attributes* and [0] encrypted attributes"  }
{"type": "server", "timestamp": "2019-11-14T09:21:33,380+0000", "level": "TRACE", "component": "o.e.x.s.a.s.SamlAuthenticator", "cluster.name": "elasticsearch", "node.name": "elasticsearch-master-1", "cluster.uuid": "HMg1OHjeStyagiftRLnf4A", "node.id": "_UsU_--ZQLGsvwtUla5udA",  "message": "The SAML Assertion contained the following attributes: \nNameId=[ram-elk]\nhttp://schemas.microsoft.com/ws/2008/06/identity/claims/role=[Domain Users, elkgroup]\n"  }
{"type": "server", "timestamp": "2019-11-14T09:21:33,381+0000", "level": "DEBUG", "component": "o.e.x.s.a.s.SamlRealm", "cluster.name": "elasticsearch", "node.name": "elasticsearch-master-1", "cluster.uuid": "HMg1OHjeStyagiftRLnf4A", "node.id": "_UsU_--ZQLGsvwtUla5udA",  "message": "Parsed token [SamlToken{3c73616d6c703a526573706f6e73652049443d225f65353536663132302d393130362d343866332d626333332d31653236643763323231636222205665727369...}] to attributes [*SamlAttributes(null)[null]*{[NameId=[ram-elk], http://schemas.microsoft.com/ws/2008/06/identity/claims/role=[Domain Users, elkgroup]]}]"  }

Though ADFS is sending the name and the group details, and I have the role mapping as you mentioned for elkgroup, the SAML attributes are not mapped accordingly.

SamlAttributes(null)[null]. Now I have a test ADFS server ready, hence I have tried multiple options to try mapping. However, the attributes are not mapping accordingly.

Could you guide me please?
Ram

Hi @ikakavas @Yogesh_Gaikwad @TimV
Finally, Godfather Google has helped me with this: https://www.elastic.co/blog/how-to-configure-elasticsearch-saml-authentication-with-adfs

Able to log in after following it step by step.
Thanks to you all
Ram

Glad you got this working!
