Hello!
ReadOnlyRest enterprise user here. I’m stuck with a problem I’m unable to solve.
What I try to achieve:
Perform authentication for Kibana against an OIDC identity provider (in my case Keycloak) AND use a custom claim in the access token to fetch allowed indices.
What I’ve tried so far:
- Use OIDC support from RoR enterprise to perform authentication: authentication works, but I’ve found no solution to grab custom claims from the access token, so I was unable to filter out index access.
- Add an authentication reverse proxy and forward the access token in the Authorization header, then use JWT authentication from RoR: authentication and index access filtering work… as long as the first access token is valid. As soon as the access token expires, even though the reverse proxy refreshes it, it seems to not be taken by RoR unless the user goes manually back to /login, which effectively renders this solution useless (especially with an access token expiry set to 5 mn).
After this long situation overview, here come the questions:
- Is my hypothesis correct regarding RoR processing the Authorization header only on the /login page?
- Is there any solution to use the OIDC support from RoR while fetching data from a claim of the access token?