From 5a445c82fb643d20996d5e33e5ff0f7114f2decc Mon Sep 17 00:00:00 2001 From: lcawley Date: Fri, 16 Feb 2018 09:58:34 -0800 Subject: [PATCH] [DOCS] Fixed broken role mapping link Original commit: elastic/x-pack-elasticsearch@97b8fae993a51f96c100040e3b5470a6f414b6af --- docs/en/security/authentication/saml-guide.asciidoc | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/docs/en/security/authentication/saml-guide.asciidoc b/docs/en/security/authentication/saml-guide.asciidoc index 0567d00ffd9..cc4cb183b84 100644 --- a/docs/en/security/authentication/saml-guide.asciidoc +++ b/docs/en/security/authentication/saml-guide.asciidoc @@ -86,7 +86,7 @@ configure the HTTP interface to use SSL/TLS before you can enable SAML authentication. For more information, see -{ref}/configuring-tls.html#tls-http[Encrypting HTTP Client Communications]. +{ref}/configuring-tls.html#tls-http[Encrypting HTTP Client Communications]. ==== Enable the Token Service @@ -614,7 +614,7 @@ PUT /_xpack/security/role_mapping/saml-kibana The attributes that are mapped via the realm configuration are used to process role mapping rules, and these rules determine which roles a user is granted. -The <> that are provided to the role +The user fields that are provided to the role mapping are derived from the SAML attributes as follows: - `username`: The `principal` attribute @@ -622,6 +622,9 @@ mapping are derived from the SAML attributes as follows: - `groups`: The `groups` attribute - `metadata`: See <> +For more information, see <> and +{ref}/security-api-role-mapping.html[Role Mapping APIs]. + If your IdP has the ability to provide groups or roles to Service Providers, then you should map this SAML attribute to the `attributes.groups` setting in the {es} realm, and then make use of it in a role mapping as per the example