Open rafi0101 opened 8 months ago
Pinging @elastic/es-security (Team:Security)
We are hit hard by this. We have now limited the AD groups to security groups in Azure AD, but there are still a lot of users that cannot access Kibana. I'm one of them and it is forcing us to look for alternatives.
We are facing this issue as well. It would be nice to get a solution to this.
Elasticsearch Version
8.8.1
Installed Plugins
No response
Java Version
/usr/share/elasticsearch/jdk/bin/java --version = 20.0.1
OS Version
Debian 11 5.10.205-2
Problem Description
I am using Kibana/Elasticsearch with OIDC (Microsoft Azure) for authentication. Currently I have the problem that not all defined role mappings are working correctly. We are using Azure groups in role mappings to assign users to specific Kibana roles.
9 out of 10 users can log in and work without any problems. However, user 10 is problematic. Some users in our organization are in many AD groups (>250).
And then the JWT token in the groups section is empty and points to another endpoint to retrieve all groups this user is assigned to.
And I think Kibana does nothing with this information and thinks this user is not a member of any group.
I have also addressed this as a support case but almost a year later nothing happened: #01312479 (5008X00002J8locQAB) and here: https://discuss.elastic.co/t/kibana-oidc-azure-role-assignment-not-working-too-many-groups/350568
Steps to Reproduce
Logs (if relevant)
No response
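A diagnostic for the situation described in this issue, as an added example that is not part of the original report and not Elasticsearch or Kibana code: it decodes an ID token payload and reports whether group membership is inline or replaced by a pointer to another endpoint. It assumes the pointer uses the `_claim_names` / `_claim_sources` members defined for distributed claims in OpenID Connect Core; the function names are hypothetical, and the tokens, group IDs and endpoint URL are constructed.

```python
import base64
import json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token for this demo only."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.constructed"

def decode_payload(token: str) -> dict:
    """Decode the payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a three-part compact JWT")
    segment = parts[1]
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def classify_groups(claims: dict) -> dict:
    """Report whether group membership is inline, distributed, or absent."""
    groups = claims.get("groups")
    if isinstance(groups, list) and groups:
        return {"status": "inline", "count": len(groups), "endpoint": None}
    # Distributed claim: _claim_names maps "groups" to a key in _claim_sources.
    source_key = (claims.get("_claim_names") or {}).get("groups")
    if source_key is not None:
        source = (claims.get("_claim_sources") or {}).get(source_key) or {}
        return {"status": "overage", "count": 0, "endpoint": source.get("endpoint")}
    return {"status": "missing", "count": 0, "endpoint": None}

# Constructed samples: placeholder group IDs and a placeholder endpoint URL.
INLINE = make_sample_token({"sub": "user-1", "groups": ["group-id-a", "group-id-b"]})
OVERAGE = make_sample_token({
    "sub": "user-10",
    "_claim_names": {"groups": "src1"},
    "_claim_sources": {"src1": {"endpoint": "https://graph.example.invalid/users/user-10/getMemberObjects"}},
})

if __name__ == "__main__":
    for name, token in (("inline", INLINE), ("overage", OVERAGE)):
        print(name, classify_groups(decode_payload(token)))
```

A result of `overage` means a role mapping that matches on the `groups` claim has nothing to match for that user, even though the login itself succeeded.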