I am trying to configure SSO in On-premises Elasticsearch setup. After configuring SAML (Azure AD) users are able to login to domain password. But users are not been restricted based the roles which i defined. If i set only one role to view one set of indexes alone, it works fine as expected. if I add other Role mapping to allow users to view selective indexes, it consider both roles and whatever usesr I am adding at AD end it give both permission to them.
These are working fine for local users, but this issue persist only on SAML configs. Please help to fix this.