Hi team , I am using jwt authentication to authenticate user and want to filter the ES respone based on client key present as calim in the jwt token but filtering is not working for me. The authentication is working. Is it possible to use jwt claims in filtering? Below is my yaml configuration
readonlyrest.yml: |-
readonlyrest:
ssl:
enable: false
keystore_file: “/usr/share/elasticsearch/config/certs/keystore.jks”
keystore_pass: test123
key_pass: test123
access_control_rules:
- name: "Allow read access to index through jwt authentication"
type: allow
indices: ["*"]
filter: '{"bool": { "must": { "match": { "client": "@{jwt:client}" }}}}'
jwt_auth:
name: "jwt_provider_1"
- name: "Allow write access to index through jwt authentication"
type: allow
indices: ["*"]
jwt_auth:
name: "jwt_provider_1"
- name: "Allow docker-kubernetes to check health"
type: allow
actions: ["cluster:monitor/health"]
jwt:
- name: jwt_provider_1
signature_algo: HMAC # can be NONE, RSA, HMAC (default), and EC
signature_key: "oskDPTRIuGJrHu0QqkGB0JsRxBNDZ9pHc9IcfXMoKM8uQ5YEP23uzZ8EHG8oDFyhgqMr9cq2k8cSOsOktqBESEbiFzYPz8wOIVdlYqcv7xidK6N9bPYJXyDEQwO2j2DkoskDPTRIuGJrHu0QqkGB0JsRxBNDZ9pHc9IcfXMoKM8uQ5YEP23uzZ8EHG8oDFyhgqMr9cq2k8cSOsOktqBESEbiFzYPz8wOIVdlYqcv7xidK6N9bPYJXyDEQwO2j2Dk"
user_claim: client
header_name: Authorization