JWT roles from nested key
24 views
Skip to first unread message
kleis
Mar 11, 2019, 1:18:04 PM3/11/19
to Search Guard Community Forum
Hello,
I use elasticsearch 6.3.2 with searchguard 6.24 and need to extract roles from a JWT that are contained in a nested key with following syntax:
"roles": [
"foo",
"cat"
]
}
I tried it with following configurations, but both result in failures:
enabled: true
order: 0
http_authenticator:
type: jwt
challenge: false
config:
signing_key: xzy
subject_key: "username"
roles_key: "realm_access"
authentication_backend:
type: noop
jwt_auth_domain:
enabled: true
order: 0
http_authenticator:
type: jwt
challenge: false
config:
signing_key: xzy
subject_key: "username"
roles_key: "realm_access.roles"
authentication_backend:
type: noop
Is there a possibility to specifiy the nested key as roles field?
Thank you in advance!
Jochen Kressin
Mar 12, 2019, 1:22:29 PM3/12/19
to Search Guard Community Forum
Hi,
no, unfortunately at the moment nested keys are not supported. We have it in the backlog, however, there is no ETA yet.
Wyllys Ingersoll
Mar 13, 2019, 4:22:03 PM3/13/19
to Search Guard Community Forum
Hopefully this moves up the queue quickly. Not having this ability makes it pretty useless to use JWT tokens since not being able to access the backend roles severely limits the usefulness of the JWT authc/authz feature.
SG
Apr 2, 2019, 8:40:20 AM4/2/19
to mchakradeo via Search Guard Community Forum
Search Guard Community Forum - We are moving!
We are moving the Search Guard Community Forum to a new home:
https://forum.search-guard.com/
All content hosted has been migrated to the new forum.
Starting from 2019/03/30 please ask your questions on https://forum.search-guard.com/ only.
The Google Group forum will not be maintained anymore.
Thanks!
> --
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/f3afe752-f2e1-4e31-8c2a-2464fee127ca%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
We are moving the Search Guard Community Forum to a new home:
https://forum.search-guard.com/
All content hosted has been migrated to the new forum.
Starting from 2019/03/30 please ask your questions on https://forum.search-guard.com/ only.
The Google Group forum will not be maintained anymore.
Thanks!
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/f3afe752-f2e1-4e31-8c2a-2464fee127ca%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages