Hello all,
I'm experiencing a problem with role mapping after successful OIDC authentication. My OP provides an ID Token where the following data about the user can be found (copied from the ES log):
\"resource_access\":{\"kibana\":{\"roles\":[\"administrator\"]}}
In accordance with the ES documentation, I put the following line into the OIDC realm definition in the ES configuration (docker compose environment section):
- xpack.security.authc.realms.oidc.oidc1.claims.groups=resource_access.kibana.roles
And I created my role mapping like this:
PUT _security/role_mapping/oidc-users
{
  "enabled": true,
  "roles": [
    "superuser",
    "monitoring_user",
    "kibana_admin",
    "editor"
  ],
  "rules": {
    "all": [
      {"field": {"realm.name": "oidc1"}},
      {"field": {"groups": "administrator"}}
    ]
  }
}
However, this doesn't work. Replacing the "groups" in role mapping definition with "resource_access.kibana.roles" also doesn't work. What does work is any other field from ID token, but I need to get to this specific array. Could someone please tell me how?
Thank you.
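Added example, not from the original post and not Elastic's own code: a local check that decodes a token payload and compares a literal-key lookup with a dot-path walk, to confirm that the roles live under a nested object rather than under a flat key literally named "resource_access.kibana.roles". The payload and token are constructed to mirror the claim shape in the post; the token is unsigned and only used for inspection.

```python
import base64
import json

# Constructed sample payload shaped like the claim quoted in the post.
# This is not a real token; it exists only so the functions below can run.
SAMPLE_PAYLOAD = {
    "sub": "user-1",
    "resource_access": {"kibana": {"roles": ["administrator"]}},
}


def _b64url(data: bytes) -> str:
    # JWT segments are base64url without padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def build_unsigned_jwt(payload: dict) -> str:
    """Build an alg=none token for local inspection only (never accept one)."""
    header = {"alg": "none", "typ": "JWT"}
    return f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(payload).encode())}."


def decode_payload(token: str) -> dict:
    """Decode the payload segment without verifying the signature (inspection only)."""
    seg = token.split(".")[1]
    seg += "=" * (-len(seg) % 4)  # restore padding for the decoder
    return json.loads(base64.urlsafe_b64decode(seg))


def flat_lookup(payload: dict, claim: str):
    """What a lookup sees if the claim name is treated as one literal top-level key."""
    return payload.get(claim)


def resolve_claim(payload: dict, path: str):
    """Walk a dotted path such as 'resource_access.kibana.roles' through nested objects."""
    node = payload
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def has_group(payload: dict, path: str, group: str) -> bool:
    """True if a mapping rule on `group` would match the values found under `path`."""
    value = resolve_claim(payload, path)
    values = value if isinstance(value, list) else [value]
    return group in values
```

Run `has_group(decode_payload(build_unsigned_jwt(SAMPLE_PAYLOAD)), "resource_access.kibana.roles", "administrator")` against a payload copied from your own log to see whether the path walks to the expected array.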