原英文版地址: https://www.elastic.co/guide/en/elasticsearch/reference/7.7/saml-user-metadata.html, 原文档版权归 www.elastic.co 所有
本地英文版地址: ../en/saml-user-metadata.html
重要: 此版本不会发布额外的bug修复或文档更新。最新信息请参考 当前版本文档
Elasticsearch Guide [7.7] » Secure a cluster » Configuring SAML single-sign-on on the Elastic Stack » User metadata
« Configuring role mappings Configuring Kibana »

User metadataedit

By default users who authenticate via SAML will have some additional metadata fields.

  • saml_nameid will be set to the value of the NameID element in the SAML authentication response
  • saml_nameid_format will be set to the full URI of the NameID’s format attribute
  • Every SAML Attribute that is provided in the authentication response (regardless of whether it is mapped to an Elasticsearch user property), will be added as the metadata field saml(name) where "name" is the full URI name of the attribute. For example saml(urn:oid:0.9.2342.19200300.100.1.3).
  • For every SAML Attribute that has a friendlyName, will also be added as the metadata field saml_friendlyName where "name" is the full URI name of the attribute. For example saml_mail.

This behaviour can be disabled by adding populate_user_metadata: false to as a setting in the saml realm.

« Configuring role mappings Configuring Kibana »