Hi there,
I am using ES Cloud and trying to set up "SSO" with OpenID Connect.
I have managed to connect my Identity Provider (GitHub) to Elasticsearch through Auth0 (which does the translation to provide ES with an OpenID JWT).
In the end, when I log in as a user with the OpenID authentication realm:
- I cannot see any documents from the indices I have (filebeat-*, logs-*, metricbeat-*), which I can see when logged in as SuperUser
Here is some info I get from the DevTools:
GET /_security/_authenticate
{
  "username" : "xakraz@gmail.com",
  "roles" : [
    "monitoring_user",
    "machine_learning_user",
    "kibana_admin"
  ],
  "full_name" : null,
  "email" : null,
  "metadata" : {
    "oidc(iss)" : "https://MY-DOMAIN.eu.auth0.com/",
    "oidc(email)" : "xakraz@gmail.com",
    "oidc(sub)" : "github|1590399",
    "oidc(name)" : "Xavier Krantz",
    "oidc(picture)" : "https://avatars0.githubusercontent.com/u/1590399?v=4",
    "oidc(aud)" : [ REDACTED ],
    "oidc(CUSTOM_CLAIM_1)" : [ ],
    "oidc(id_token_hint)" : "REDACTED",
    "oidc(nickname)" : "xakraz",
    "oidc(CUSTOM_CLAIM_2)" : [ ],
    "oidc(CUSTOM_CLAIM_3)" : [ ],
    "oidc(CUSTOM_CLAIM_3)" : [ ],
    "oidc(updated_at)" : "2020-08-25T10:32:41.412Z"
  },
  "enabled" : true,
  "authentication_realm" : {
    "name" : "MY_REALM",
    "type" : "oidc"
  },
  "lookup_realm" : {
    "name" : "MY_REALM",
    "type" : "oidc"
  }
}
Any idea?