原文地址: https://www.elastic.co/guide/en/elasticsearch/reference/7.7/saml-user-metadata.html, 原文档版权归 www.elastic.co 所有
IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
User metadataedit
By default users who authenticate via SAML will have some additional metadata fields.
-
saml_nameid
will be set to the value of theNameID
element in the SAML authentication response -
saml_nameid_format
will be set to the full URI of the NameID’sformat
attribute -
Every SAML Attribute that is provided in the authentication response
(regardless of whether it is mapped to an Elasticsearch user property), will be added
as the metadata field
saml(name)
where "name" is the full URI name of the attribute. For examplesaml(urn:oid:0.9.2342.19200300.100.1.3)
. -
For every SAML Attribute that has a friendlyName, will also be added as the
metadata field
saml_friendlyName
where "name" is the full URI name of the attribute. For examplesaml_mail
.
This behaviour can be disabled by adding populate_user_metadata: false
to as
a setting in the saml realm.