Sending metadata with external users

I have a scenario where the OpenID Connect users (external users) log in to elastic search cloud. Is there a way to send some metadata along with the external user using an API?

To explain clearly, I've given an example below.

I have an OIDC user (external user) 'ext User1' who logs in to elastic cloud. External users are not shown in the list of users in Kibana stack management under security.
It shows internal users only.

For the internal users, we can GET user info (metadata) using an API.
In 'testuser1', I added some metadata using an API and I could see the added data in response.

My questions are:

  1. Is there a way I can send metadata with external users in an API like we are able to do for internal users?
  2. Is there an endpoint to GET the list of external users in Kibana?

Thanks in advance.

In a default configuration, Elastic does not store any local data about users coming from external sources.

So, there is no way to list external users, or store metadata for them because nothing exists locally.

You have 2 options:

  1. You can provide metadata for users from your OIDC OP to the Elastic Stack as part of the OIDC claims. If the data you want to use is in your OIDC security provider, then you can configure that system to pass it across when users authenticate.
  2. You can create local native users for your OIDC users and use Elasticsearch authorization_realms support so that every OIDC user is actually an internal native user.

Hi Tim,
thanks for the reply.

Can you send some example steps for the second point (create local native users for your OIDC users)?
This might really solve our purpose.

Thanks again.

This shows various examples, around Kerberos and LDAP, but in your case you'd want to set your oidc realm to have authorization_realms pointing to your native realm.
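
Added example (not part of the original replies and not Elastic's own sample): a sketch of the realm settings for the second option, with the OIDC realm delegating authorization to the native realm. The realm names `oidc1` and `native1`, the `example.com` URLs and the client ID are placeholders assumed for illustration.

```yaml
# elasticsearch.yml (on Elastic Cloud: the deployment's Elasticsearch user settings)
# All names and URLs below are placeholders, not values from this thread.

# The native realm must be declared by name so another realm can refer to it.
xpack.security.authc.realms.native.native1:
  order: 0

xpack.security.authc.realms.oidc.oidc1:
  order: 2
  rp.client_id: "placeholder-client-id"
  rp.response_type: "code"
  rp.redirect_uri: "https://kibana.example.com/api/security/oidc/callback"
  op.issuer: "https://op.example.com"
  op.authorization_endpoint: "https://op.example.com/oauth2/authorize"
  op.token_endpoint: "https://op.example.com/oauth2/token"
  op.jwkset_path: "https://op.example.com/oauth2/jwks"
  # The claim whose value becomes the Elasticsearch username.
  claims.principal: sub
  # Delegated authorization: the OIDC realm only authenticates the user.
  # Roles and metadata are loaded from the user with the same username in
  # native1, and role mappings for oidc1 are no longer applied.
  authorization_realms: native1

# rp.client_secret is a secure setting: store it in the Elasticsearch
# keystore under
#   xpack.security.authc.realms.oidc.oidc1.rp.client_secret
# rather than in this file.
```

Each OIDC user then needs a native user whose username equals the value of the principal claim, created with roles and metadata through the same user API used for 'testuser1' in the question. A user with no matching native account cannot be authorized, so provision the native users before switching the realm over.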

Hi Tim
Sorry for the late reply.

Thanks for your help!
