[DOCS] Adjust role mapping docs for SAML (#37083)

Explicitly mention that file based role mappings cannot be used with
the SAML realm.
This commit is contained in:
Ioannis Kakavas 2019-01-04 08:26:41 +02:00 committed by GitHub
parent ac1c6940d2
commit 3c12c372d0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 6 deletions

View File

@ -218,12 +218,12 @@ When a user authenticates using SAML, they are identified to the {stack},
but this does not automatically grant them access to perform any actions or but this does not automatically grant them access to perform any actions or
access any data. access any data.
Your SAML users cannot do anything until they are mapped to roles. See Your SAML users cannot do anything until they are assigned roles. This can be done
{stack-ov}/saml-role-mapping.html[Configuring role mappings]. through either the {stack-ov}/saml-role-mapping.html[role mapping API], or with
{stack-ov}/realm-chains.html#authorization_realms[authorization realms].
NOTE: The SAML realm supports NOTE: You cannot use {stack-ov}/defining-roles.html#roles-management-file[role mapping files]
{stack-ov}/realm-chains.html#authorization_realms[authorization realms] as an to grant roles to users authenticating via SAML.
alternative to role mapping.
-- --

View File

@ -620,11 +620,14 @@ When a user authenticates using SAML, they are identified to the Elastic Stack,
but this does not automatically grant them access to perform any actions or but this does not automatically grant them access to perform any actions or
access any data. access any data.
Your SAML users cannot do anything until they are assigned roles. This is done Your SAML users cannot do anything until they are assigned roles. This can be done
through either the through either the
{ref}/security-api-put-role-mapping.html[add role mapping API], or with {ref}/security-api-put-role-mapping.html[add role mapping API], or with
<<authorization_realms, authorization realms>>. <<authorization_realms, authorization realms>>.
NOTE: You cannot use {stack-ov}/defining-roles.html#roles-management-file[role mapping files]
to grant roles to users authenticating via SAML.
This is an example of a simple role mapping that grants the `kibana_user` role This is an example of a simple role mapping that grants the `kibana_user` role
to any user who authenticates against the `saml1` realm: to any user who authenticates against the `saml1` realm: