pentaho-engineering-samples/Samples_for_Extending_Pentaho/Reference Implementations/Security/SAML 2.0 at master · pentah…
pentaho-security-samples/wso2is-ldap at master · kleysonr/pentaho-security-samples · GitHub
Hi, Thanks for your feedback. Is this true for both EE and CE Edition? My concern is Pentaho 8.1 Community Edition.
yes, it is. It's just harder in CE
I integrate SAML in Pentaho with idp keycloak, however, after a successful login in keycloak, the information to the server about the user just have user and password, no role mappings.
Then the pentaho don't access to the dashboard and return the log:
DEBUG [org.springframework.security.access.vote.AffirmativeBased] Voter: org.pentaho.platform.engine.security.PentahoSubstringRoleVoter@6b5592f0, returned: -1DEBUG [org.springframework.security.web.access.ExceptionTranslationFilter] Access is denied (user is anonymous); redirecting to authentication entry pointorg.springframework.security.access.AccessDeniedException: Access is denied
In the documentation https://www.keycloak.org/docs/latest/server_admin/index.html#_saml:
"The first is an application that asks the Keycloak server to authenticate a user for them. After a successful login, the application will receive an XML document that contains something called a SAML assertion that specify various attributes about the user. This XML document is digitally signed by the realm and contains access information (like user role mappings) that the application can use to determine what resources the user is allowed to access on the application."
What I have to do too pass the roles to the pentaho server? What is wrong?
Retrieving data ...