Get Shield to recognize the user using PKI auth

I am currently using Shield to auth users with PKI. Currently, when a user with the CN "John Doe jdoe" navigates to /_search, the exception is:

type: security_exception
reason: action [indices:data/read/search] is unauthorized for user [John Doe jdoe]

The access log shows:

access_denied, principal = [John Doe jdoe], action = [indices:data/read/search], indices=

How do I create a role for this user and assign it to them so that Shield can recognize the user and show the appropriate data? I tried adding it to users_roles.yml like this:

admin:John Doe jdoe, es_admin

But I have had no luck. Is it because of the spaces, or some other problem?

Hi @kqpr0,

You need to edit the role_mapping.yml file to add a mapping to a role based on the DN of your certificate. Please see https://www.elastic.co/guide/en/shield/current/pki-realm.html#assigning-roles-pki

1 Like
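As an added illustration of the reply above (this is an example written for this page, not from the original thread or the Shield documentation), here is a role_mapping.yml fragment that maps a client certificate to the admin role. The question only gives the CN "John Doe jdoe"; the OU, O and C components of the DN below are assumed, and the file path follows the default Shield config directory.

```yaml
# config/shield/role_mapping.yml  (added example; DN components other than the CN are assumed)
# Each key is a Shield role name (it must also be defined in roles.yml).
# Each value is a list of full certificate subject DNs, not just the CN.
# The DN is quoted because it contains spaces and commas.
admin:
  - "CN=John Doe jdoe,OU=Engineering,O=Example Corp,C=US"
```

The string must be the certificate's complete subject DN; the principal shown in the access log ("John Doe jdoe") is only the CN that Shield extracts as the username. To copy the DN in the expected comma-separated form, run `openssl x509 -in user.crt -noout -subject -nameopt RFC2253` against the client certificate and paste the result. The users_roles.yml entry from the question had no effect because that file is read only by the esusers (file-based) realm, not by the PKI realm.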