@ikakavas Yes I'm considering value of groups attribute to do role mappings for SAML. I have followed this
https://www.elastic.co/guide/en/elastic-stack-overview/6.7/saml-role-mapping.html
I'm able to do mappings with username but not with groups.
The below works-
PUT _security/role_mapping/saml-kibana' -H 'Content-Type: application/json' -d'
{
"roles": [ "events-admin" ],
"enabled": true,
"rules": { "all": [
{ "field": { "realm.name": "saml1" } },
{ "field": { "username": "rgujral@apple.com" } }
]}
}'
But not when I try to map group for accessing saml (already mapped in IDP)
PUT _security/role_mapping/saml-kibana-group" -H 'Content-Type: application/json' -d'
{
"roles": [ "superuser" ],
"enabled": true,
"rules": { "all": [
{ "field": { "realm.name": "saml1" } },
{ "field": { "groups": "10606723" } }
]
}
}'