[DOCS] Adjust role mapping docs for SAML (#37083)
Explicitly mention that file based role mappings cannot be used with the SAML realm.
This commit is contained in:
parent
ac1c6940d2
commit
3c12c372d0
|
@ -218,12 +218,12 @@ When a user authenticates using SAML, they are identified to the {stack},
|
||||||
but this does not automatically grant them access to perform any actions or
|
but this does not automatically grant them access to perform any actions or
|
||||||
access any data.
|
access any data.
|
||||||
|
|
||||||
Your SAML users cannot do anything until they are mapped to roles. See
|
Your SAML users cannot do anything until they are assigned roles. This can be done
|
||||||
{stack-ov}/saml-role-mapping.html[Configuring role mappings].
|
through either the {stack-ov}/saml-role-mapping.html[role mapping API], or with
|
||||||
|
{stack-ov}/realm-chains.html#authorization_realms[authorization realms].
|
||||||
|
|
||||||
NOTE: The SAML realm supports
|
NOTE: You cannot use {stack-ov}/defining-roles.html#roles-management-file[role mapping files]
|
||||||
{stack-ov}/realm-chains.html#authorization_realms[authorization realms] as an
|
to grant roles to users authenticating via SAML.
|
||||||
alternative to role mapping.
|
|
||||||
|
|
||||||
--
|
--
|
||||||
|
|
||||||
|
|
|
@ -620,11 +620,14 @@ When a user authenticates using SAML, they are identified to the Elastic Stack,
|
||||||
but this does not automatically grant them access to perform any actions or
|
but this does not automatically grant them access to perform any actions or
|
||||||
access any data.
|
access any data.
|
||||||
|
|
||||||
Your SAML users cannot do anything until they are assigned roles. This is done
|
Your SAML users cannot do anything until they are assigned roles. This can be done
|
||||||
through either the
|
through either the
|
||||||
{ref}/security-api-put-role-mapping.html[add role mapping API], or with
|
{ref}/security-api-put-role-mapping.html[add role mapping API], or with
|
||||||
<<authorization_realms, authorization realms>>.
|
<<authorization_realms, authorization realms>>.
|
||||||
|
|
||||||
|
NOTE: You cannot use {stack-ov}/defining-roles.html#roles-management-file[role mapping files]
|
||||||
|
to grant roles to users authenticating via SAML.
|
||||||
|
|
||||||
This is an example of a simple role mapping that grants the `kibana_user` role
|
This is an example of a simple role mapping that grants the `kibana_user` role
|
||||||
to any user who authenticates against the `saml1` realm:
|
to any user who authenticates against the `saml1` realm:
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue