I'm running Version 4.3.10 of the all in one AWS AMI installation.
I enabled Single Sign On (with GSuite). I can successfully authenticate but am having a problem with the role mappings.
I did map the new backend role "Wazuh_access" to "all_access" in /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles_mapping.yml:
all_access:
  reserved: false
  hidden: false
  backend_roles:
  - "admin"
  - "Wazuh_access"
  hosts: []
  users: []
  and_backend_roles: []
  description: "Maps admin to all_access"
When I log in to the Wazuh dashboard I see the following permissions when clicking my avatar -> "View Roles and Identities":
Roles (2)
Roles you are currently mapped to by your administrator.
own_index
all_access
Backend roles (2)
Backend roles you are currently mapped to by your administrator.
Wazuh_access
Strangely it says I am mapped to two backend roles but only shows "Wazuh_access" after a blank line. I'm not sure what other Backend role I would be mapped to. Perhaps this is a clue.
From the navigation menu on the left I seem to have full access to OpenSearch Dashboards and OpenSearch Plugins, e.g. I can see events from my agents under OpenSearch Dashboards > Discover.
However, I have no access under Home or the Wazuh section. For instance, I cannot see previously registered agents and am not able to register new agents. Clicking "Add agent" shows the following errors:
This section could not be configured because you do not have permission to read groups.
This section could not be displayed because you do not have permission to get access to the registration service.
If I disable SSO I can still log in as my existing internal user and see all of my agents.
I thought maybe it was a caching issue between different components, but I've tried purging the cache under OpenSearch Plugins > Security and have rebooted the entire server to no avail.
Any idea where I went wrong?