Thanks for this, now able to log in after mapping users to roles.
But I noticed one thing: if after some time I retry to log in to my application and try to access the dashboard, I get the same following error as before:
Now, if I re-download the metadata file from WSO2 IS and reset all the singlesignon URLs, save everything and restart the servers, it works again - able to log in.
Do we need to download the metadata file after certain durations or is there some configuration issue? Could you please advise?
There is nothing on the Elasticsearch side that would override the metadata assuming you use
as you indicated. It looks like something on your side is overwriting that file or your WSO2 IS is changing configuration at some point. Either way there is nothing we could help you with regarding this issue.
Good to hear! Please note that if
a) the metadata are prone to change often or have a short validity time and
b) your IDP is hosting the metadata file at an HTTPS URL that can be reached from the Elasticsearch nodes
you can set the URL in the SAML realm configuration of Elasticsearch as such
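
Whether the IdP metadata really changed or expired between a working and a failing login can be checked by comparing a saved copy of the metadata file with a freshly downloaded one. The following is an added Python example, not part of the original thread and not code from Elasticsearch or WSO2 IS; the `sample` helper, the entity ID, the URL and the certificate bytes are constructed for illustration.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def sample(valid_until, cert_bytes):
    """Constructed IdP metadata; stands in for two downloads of the real file."""
    cert = base64.b64encode(cert_bytes).decode()
    return f'''<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
 entityID="idp.example.test" validUntil="{valid_until}">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate>{cert}</X509Certificate></X509Data>
  </KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
   Location="https://idp.example.test/samlsso"/>
 </IDPSSODescriptor></EntityDescriptor>'''

def summarize(xml_text):
    """Extract the fields a SAML service provider depends on.
    Parse only metadata files you saved yourself; the stdlib parser is
    not hardened for untrusted XML."""
    root = ET.fromstring(xml_text)
    ent = root if root.tag.endswith("}EntityDescriptor") \
        else root.find("md:EntityDescriptor", NS)
    certs = sorted(  # SHA-256 of each DER certificate, whitespace removed first
        hashlib.sha256(base64.b64decode("".join(c.text.split()))).hexdigest()
        for c in ent.iterfind(".//ds:X509Certificate", NS))
    sso = sorted((s.get("Binding"), s.get("Location"))
                 for s in ent.iterfind(".//md:SingleSignOnService", NS))
    return {"entityID": ent.get("entityID"),
            "validUntil": ent.get("validUntil") or root.get("validUntil"),
            "sso": sso, "certs": certs}

def is_expired(summary, now):
    """True when validUntil is present and not later than `now` (tz-aware)."""
    vu = summary["validUntil"]
    return vu is not None and datetime.fromisoformat(vu.replace("Z", "+00:00")) <= now

def diff(old, new):
    """Names of the summarized fields that differ between two snapshots."""
    return sorted(k for k in old if old[k] != new[k])

if __name__ == "__main__":
    old = summarize(sample("2024-01-01T00:00:00Z", b"constructed-cert-A"))
    new = summarize(sample("2024-06-01T00:00:00Z", b"constructed-cert-B"))
    print("changed fields:", diff(old, new))
    print("old copy expired:", is_expired(old, datetime.now(timezone.utc)))
```

A changed certificate fingerprint or a passed `validUntil` in the saved copy points at the IdP side as the source of the recurring failure.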