Open zbalkan opened 2 years ago
Hi @zbalkan ,
To be able to have the backend roles configured and successfully sent to wazuh-dashboard, you need to follow these steps:
Create the desired roles in your realm's roles tab. In this example I will use the roles admin and all_access.
Add those roles to the user that you will use to log in from the users tab of your realm, and the Role mappings tab of your user. In this example, the user is wazuh.
Inside your client configuration, go to mappers and select realm_roles. Inside that, you will see a field named Token Claim Name. That field is the name that should go on roles_key inside your config.yml.
In this example the Token Claim Name is role, and therefore the config.yml file should contain that name. For example:
openid_auth_domain:
  http_enabled: true
  transport_enabled: true
  order: 1
  http_authenticator:
    type: openid
    challenge: false
    config:
      subject_key: preferred_username
      roles_key: role
      openid_connect_url: https://<OIDC provider>/auth/realms/<realm>/.well-known/openid-configuration
  authentication_backend:
    type: noop
With that configuration, you will be able to see the backend roles once you log in.
I hope you find this information helpful. Regards,
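A way to check the point made in the reply above, that the mapper's Token Claim Name must equal roles_key. This is an added example, not part of the reply or of Wazuh's code: the function names are hypothetical, the tokens are constructed samples, and the signature is deliberately not verified because the script is only a diagnostic for a token you already hold.

```python
import base64
import json


def b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (JWTs strip the '=' padding)."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def check_roles_claim(token: str, roles_key: str, mapped_backend_roles: set) -> dict:
    """Report what a roles_key lookup would find in the token payload.

    Diagnostic only: the signature is NOT verified here.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    claims = b64url_json(parts[1])
    result = {"roles": [], "unmapped": [], "available_claims": sorted(claims)}
    if roles_key not in claims:
        # Typical cause: Token Claim Name in the mapper differs from roles_key.
        return {"status": "claim_missing", **result}
    raw = claims[roles_key]
    # Assumption: roles arrive as a JSON array or a comma-separated string.
    roles = raw if isinstance(raw, list) else [r.strip() for r in str(raw).split(",") if r.strip()]
    unmapped = [r for r in roles if r not in mapped_backend_roles]
    status = "no_roles" if not roles else ("unmapped_roles" if unmapped else "ok")
    return {"status": status, **result, "roles": roles, "unmapped": unmapped}


def make_sample_token(payload: dict) -> str:
    """Build a constructed token with a placeholder signature for offline use."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(payload)}.constructed-signature"


# Constructed sample: user "wazuh" with the roles from the example above.
GOOD = make_sample_token({"preferred_username": "wazuh", "role": ["admin", "all_access"]})
# Constructed sample: mapper claim name ("roles") does not match roles_key ("role").
BAD = make_sample_token({"preferred_username": "wazuh", "roles": ["admin", "all_access"]})

if __name__ == "__main__":
    backend_roles = {"admin", "all_access"}  # the backend_roles listed in roles_mapping.yml
    print(check_roles_claim(GOOD, "role", backend_roles))
    print(check_roles_claim(BAD, "role", backend_roles))
```

A claim_missing result lists the claims the token does carry, which shows whether the mapper is emitting the roles under a different name than the one in config.yml.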
Hello,
Same problem, impossible to set up an SSO with Keycloak in either SAML or OIDC :/
Always a 401 unauthorized error.
Description
When OpenID Connect is set up, the roles_mapping.xml does not handle the mapping for OIDC roles.
Preconditions
admin and operator on OIDC provider.
Steps to reproduce
Expected Result
Actual Result
Screenshots
General setup
OIDC Roles
Default Scopes
Error screen
Additional context
/etc/wazuh-dashboard/opensearch_dashboards.yml
/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/config.yml
/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles_mapping.yml
Edit: typos