How to use ldap realm for authorisation for SAML realm

Ronnie16 · June 11, 2019, 3:45pm

@ikakavas Yes I'm considering value of groups attribute to do role mappings for SAML. I have followed this
https://www.elastic.co/guide/en/elastic-stack-overview/6.7/saml-role-mapping.html

I'm able to do mappings with username but not with groups.
The below works-

PUT _security/role_mapping/saml-kibana' -H 'Content-Type: application/json' -d'
{
"roles": [ "events-admin" ],
"enabled": true,
"rules": { "all": [
{ "field": { "realm.name": "saml1" } },
{ "field": { "username": "rgujral@apple.com" } }
]}
}'

But not when I try to map group for accessing saml (already mapped in IDP)

PUT _security/role_mapping/saml-kibana-group" -H 'Content-Type: application/json' -d'
{
"roles": [ "superuser" ],
"enabled": true,
"rules": { "all": [
{ "field": { "realm.name": "saml1" } },
{ "field": { "groups": "10606723" } }
] 
} 
}'

Topic		Replies	Views
Failed to authenticate user with ldap realm using role mapping api Elasticsearch elastic-stack-security	5	520	November 27, 2020
Delegate Authorization from Saml Kibana elastic-stack-security	4	506	August 5, 2022
SAML SSO - Associate the roles to the user (not groups) Elasticsearch elastic-stack-security	6	1305	November 28, 2018
Realm discovery with SAML integration Elasticsearch elastic-stack-security	7	756	August 8, 2019
After enabling SAML Role mapping not working Elasticsearch elastic-stack-security	4	511	November 4, 2021

How to use ldap realm for authorisation for SAML realm

Related topics