How to set up a role level security with oidc

SRIGURU_VEL · August 26, 2021, 1:42pm

HI Experts,
I have configured and Integrated Elasticsearch and Keycloak via Xpack. Previously I used Searchguard Instead of Xpack. In that We used role level security and it was working fine till now. But in Xpack I dont know how to work like that. I will Share my Searchguard Queries

PUT _searchguard/api/roles/SGS_addressnumber
{
"index_permissions": [
{
"index_patterns": [
"indexname"
],
"dls": """{"terms" : { "attribute1.svalue" : [${user.roles}]}}"""
}
]
}

 


PUT _searchguard/api/rolesmapping/SGS_addressnumber
{
"backend_roles" : [
"addressnumber"
]
}

 

PUT _searchguard/api/rolesmapping/SGS_ALL_ACCESS
{
"backend_roles" : [
"admin",
"addressnumber"
]
}

We Post these queries and Add a addressnumber and addressnumber value like(1001) in client role in keycloak and it should fetch that exact value .

My question is "How to Post a query in xpack like this? and how to set keycloak client role as a condition to search?"

alisongoryachev · August 26, 2021, 2:23pm

Hi @SRIGURU_VEL!

I would recommend taking a look at our documentation for configuring Elasticsearch for OIDC. If you have any follow-up questions, would you mind asking in the Elasticsearch Discuss forum?

Yang_Wang · August 30, 2021, 12:33am

It seems that you are after some combination of Document Level Security and role query template?

SRIGURU_VEL · August 31, 2021, 9:35am

hi @Yang_Wang ,

thanks for the response. yes I need a query to filter data from an index and that filter condition should me assigned via keycloak.
till now I didnot found exact solution.

thanks,
Sriguruvel.

system · September 28, 2021, 9:35am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.