Getting "You do not have permission to access the requested page" after configuring SSO

Hi, I have configured SSO using the guide here: Configuring SAML single-sign-on on the Elastic Stack | Elasticsearch Guide [7.12] | Elastic
I also did role mapped my AD group to the role "superuser", when I try to login using Kibana, I see the above error after logging in.

The most possible reasons is that your role mapping is wrong or that your user is not in the AD group or that your IDP is not sending the group membership as a SAML attribute or that it is sending it using a different attribute than the one you are mapping with attributes.groups . You'd need to share a bit more information for someone to be able to help you meaningfully.

  • What is the role mapping definition ?
  • What is your SAML Realm configuration
  • You can enable SAML trace logging as shown in Common SAML issues | Elasticsearch Guide [7.12] | Elastic and then you can see exactly how the SAML response from your IDP looks like and if it has the information you need

There was a typo in the SAML configuration.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.