Dynamic filtering of indices based on SAML attributes

Elastic Stack Kibana
1

I want to dynamically filter a dashboard based on a user's SAML attributes. Here are the basics of my attempts so far...

I've setup a special field in my user's metadata, we'll call it filter_id. If you hit the authenticate endpoint (GET /_security/_authenticate) it returns back a lot of attributes, here's an abbreviated version...

{
  "username" : "jane.doe@gmail.com",
  "roles" : [
    "hub-test"
  ],
  "metadata" : {
    "saml(http://schemas.auth0.com/filter_id)" : [
      "special-filter-id"
    ],
  },
  ...
}

The hub-test role allows us to access all indices such as `listings_*. And within the granted documents query we limit access based on saml attribute. here's a screenshot of what that looks like in Kibana...

image
image1988×986 65.5 KB

All should be good right? Nope :frowning: With a simple dashboard that displays the total count, 0 documents are returned. Now if I remove the {{ }} dynamic insertion and hard code the value of filter_id as it was received from the GET /_security/_authenticate endpoint above ("special-filter-id"), voila! We get 77 documents. Here is a screenshot showing that setup and the resulting dashboard

image
image2068×986 120 KB

image
image1410×886 42 KB

With all the background info and setup out of the way, here's my question...how can I get this working properly?! I've tried numerous incantations to get the SAML attribute correctly inserted into the template query, but no luck so far. Perhaps I need to configure my IDP (auth0) to massage the attributes into a form that Kibana can understand?? Any help would be greatly appreciated on this matter.

2

Following up on my own thread as I've resolved my issue.

Turns out, mustache doesn't like the "out of the box" saml attributes so I had to remap the attributes in Auth0 to be friendly. By removing the dots and slashes and grabbing the first item from the array (unsuccessful getting auth0 to send a string rather than an array of strings) elastic was able to successfully parse the template. Here is what it ended up looking like...

{"template" : {
          "source" : {
            "term" : { "_index" : "{{_user.metadata.saml(saml_filter_id).0}}"}
          }
        }
}
1 Like
3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.