Super user Role not working for SAML users

We are in the process of setting up SAML authentication with ELK. From Elastic Search, we are integrating with OneLogin, The integreation is successful and I am able to login with SAML user. I have given the role of superuser to the SAML user (by logging as elastic).

When I login as the saml user, I am able to access all the menus in the "Management" tab except the Users and Roles for which I am getting

Permission denied

You do not have permission to manage users.

Kindly let me know how this can be resolved

What do you mean by this?
That your OneLogin user is called elastic?
That doesn't make them a superuser. Users are contained entirely within their own realms, so the builtin elastic user is not the same as a saml elastic user.
The only way to make a SAML user a superuser is to grant them that role through the role-mapping API in Elasticsearch.

No, My onelogin user name is not elastic. What I meant is, I provided super user role to my saml user by logging in to Kibana and adding roles through the management tab.

I tried setting up the role through Role Mapping API and it worked :slight_smile:

Wonder why its not working when setting it up through Kibana Management menu

This is the same reason as above - when you assign roles in the Kibana Management UI, you were acting on a user in the "native" realm, not the saml realm.
It short, the "hanciv" user in that UI is unrelated to a "hanciv" user that authenticates via SAML.

Thanks, got it. So i dont have to provision the users locally in Kibana if they are coming through saml realm..

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.