Summary
Today, we use mock SAML IDP in Serverless for local development and running tests on CI with SAML-authenticated users to be as close to the production setup as possible. To assign a specific role to a SAML-authenticated user on the fly, we need a role mapping. Currently, we create the mapping using the ES role mapping API. The problem is that this API is disabled in Serverless, and we have to manually re-enable it just to support mock IDP, which isn't ideal. Instead, we should rely on a file definition of the mapping in the settings.json file:

This file should be mounted to ES container at config/operator/settings.json path.