[DOCS] Adjust role mapping docs for SAML (#37083)

Explicitly mention that file based role mappings cannot be used with
the SAML realm.
This commit is contained in:
Ioannis Kakavas 2019-01-04 08:26:41 +02:00 committed by GitHub
parent ac1c6940d2
commit 3c12c372d0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 6 deletions

View File

@ -218,12 +218,12 @@ When a user authenticates using SAML, they are identified to the {stack},
but this does not automatically grant them access to perform any actions or
access any data.
Your SAML users cannot do anything until they are mapped to roles. See
{stack-ov}/saml-role-mapping.html[Configuring role mappings].
Your SAML users cannot do anything until they are assigned roles. This can be done
through either the {stack-ov}/saml-role-mapping.html[role mapping API], or with
{stack-ov}/realm-chains.html#authorization_realms[authorization realms].
NOTE: The SAML realm supports
{stack-ov}/realm-chains.html#authorization_realms[authorization realms] as an
alternative to role mapping.
NOTE: You cannot use {stack-ov}/defining-roles.html#roles-management-file[role mapping files]
to grant roles to users authenticating via SAML.
--

View File

@ -620,11 +620,14 @@ When a user authenticates using SAML, they are identified to the Elastic Stack,
but this does not automatically grant them access to perform any actions or
access any data.
Your SAML users cannot do anything until they are assigned roles. This is done
Your SAML users cannot do anything until they are assigned roles. This can be done
through either the
{ref}/security-api-put-role-mapping.html[add role mapping API], or with
<<authorization_realms, authorization realms>>.
NOTE: You cannot use {stack-ov}/defining-roles.html#roles-management-file[role mapping files]
to grant roles to users authenticating via SAML.
This is an example of a simple role mapping that grants the `kibana_user` role
to any user who authenticates against the `saml1` realm: