Hi,
I have a scenario where the OpenID Connect users (external users) login to elastic search cloud. Is there a way to send some metadata along with the external user using an API ?
To explain clearly, I've given an example below.
I have an oidc user (external user) 'ext User1' who login to elastic cloud. External users are not shown in the list of users in Kibana stack management under security.
It shows internal users only.
For the internal users, we can GET user info(metadata ) using an API.
In 'testuser1', I added some metadata using an API and I could see the added data in response.
My question is-
Is there a way I can send metadata with external users in an API like we are able to do for internal users?
Is there an endpoint to GET the list of external users in Kibana?
In a default configuration, Elastic does not store any local data about users coming from external sources.
So, there is no way to list external users, or store metadata for them because nothing exists locally.
You have 2 options:
You can provide metadata for users from your OIDC OP to the Elastic Stack as part of the OIDC claims. If the data you want to use is in your OIDC security provider, then you can configure that system to pass it across when users authenticate
You can create local native users for your OIDC users and use Elasticsearch authorization_realms support so that very OIDC user is actually an internal native user.
This shows various examples, around Kerberos and LDAP, but in your case you'd want to set your oidc realm to have authorization_realms pointing to your native realm.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
