Configuration user name and rol from Azure AD

POR16734 · May 17, 2024, 8:55pm

Hello everyone,

I have a question I am configuring all access to ElasticCloud at kibana level with the active directory of Azure already have connection and this all perfect the doubt is the following:

how can I assign the name and email correctly when the user performs in kibana log in ?

currently the username that shows the application is the email.

When I make the query with the authentication api yields the following information:

GET /_security/_authenticate

{
  "username": "adewxz@myempre.com",
  "roles": [
    "Kibana_Access",
    "superuser"
  ],
  "full_name": null,
  "email": null,
  "metadata": {
    "saml(http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname)": [
      "Terry Mon"
    ],
    "saml(http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress)": [
      "adewxz@myempre.com"
    ],
    "saml(http://schemas.microsoft.com/claims/authnmethodsreferences)": [
      "http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password"
    ],
    "saml(http://schemas.microsoft.com/identity/claims/objectidentifier)": [
      "3f009421-1a47-6784-1234-4ec1842c6d88"
    ],
    "saml_nameid_format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "saml(http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname)": [
      "Marcus Maracus"
    ],
    "saml(http://schemas.microsoft.com/ws/2008/06/identity/claims/groups)": [
      "b3e536b8-f654-1233-9e93-1ba1f68bf444",
      "095c28fd-ef5b-46a2-88af-76c123c004b0"
    ],
    "saml(http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name)": [
      "POR16734@porvenir.com.co"
    ],
    "saml_nameid": "POR16734@porvenir.com.co",
    "saml(http://schemas.microsoft.com/identity/claims/identityprovider)": [
      "https://sts.windows.net/10a22222-88f6-46a2-4567-31bd8b76f654/"
    ],
    "saml(http://schemas.microsoft.com/identity/claims/tenantid)": [
      "10a76712-9089-uiio-4545-31bd8b76f676"
    ],
    "saml(http://schemas.microsoft.com/identity/claims/displayname)": [
      "Marcus Maracus Terry Mon"
    ]
  },
  "enabled": true,
  "authentication_realm": {
    "name": "kibana-realm",
    "type": "saml"
  },
  "lookup_realm": {
    "name": "kibana-realm",
    "type": "saml"
  },
  "authentication_type": "token"
}

My configuration in rol Mapping:

{
  "all": [
    {
      "field": {
        "realm.name": "kibana-realm"
      }
    },
    {
      "field": {
        "username": [
          "<firstname.lastname>"
        ]
      }
    },
    {
      "field": {
        "groups": "095c28fd-ef5b-46a2-88af-76c123c004b0"
      }
    }
  ]
}

Topic		Replies	Views
Azure Active directory, SAML authentication Elasticsearch elastic-stack-security	6	2553	May 10, 2019
Kibana SAML integration with Azure Kibana elastic-stack-security	7	711	March 18, 2020
Azure AD authentication to Kibana Elasticsearch elastic-stack-security	8	4450	June 30, 2020
Azure AD Kibana Kibana elastic-stack-security	2	439	December 2, 2019
Elastic Cloud Kibana with Single Sign On from Azure Active Directory Kibana	7	2971	May 20, 2020

Configuration user name and rol from Azure AD

Related topics