0

When providing OpenID based access to the users in ES, the Email-IDs are taken as case sensitive i.e. if an user has email, Xyz.Abc@foo.com, if I give the Email-ID as xyz.abc@foo.com, the user is unable to login.

Is there any way we can make this Email-ID case insensitive in Elasticsearch, so that lower case Email-IDs will work for all users?

ES version: 7.3.2
Tier: Platinum X-Pack enabled
User Authentication: OpenID based
Current role-mapping request:

PUT _security/role_mapping/foo_read_user_01?pretty
{
    "roles": [
        "foo_client",
        "kibana_dashboard_only_user"
    ],
    "enabled": true,
    "rules": {
        "all": [
            {
                "field": {
                    "realm.name": "oidc1"
                }
            },
            {
                "field": {
                    "username": [
                        "Xyz.Abc@foo.com",
                        "Bar.Yahoo@foo.com",
                        "FOOBAR@foo.com",
                        "foozbaR@foo.com"
                    ]
                }
            }
        ]
    }
}

Expected role-mapping request:

PUT _security/role_mapping/foo_read_user_01?pretty
{
    "roles": [
        "foo_client",
        "kibana_dashboard_only_user"
    ],
    "enabled": true,
    "rules": {
        "all": [
            {
                "field": {
                    "realm.name": "oidc1"
                }
            },
            {
                "field": {
                    "username": [
                        "xyz.abc@foo.com",
                        "bar.yahoo@foo.com",
                        "foobar@foo.com",
                        "foozbar@foo.com"
                    ]
                }
            }
        ]
    }
}

Please let me know if you need any additional details.

Soumendra
  • 1,518
  • 3
  • 27
  • 54
  • can you modify your mapping to pass your mail-ids through lowercase filter? – Amit Jan 13 '20 at 11:38
  • This mapping is for onboarding users; it will not affect by changing this mapping as OpenID will not verify the User Authentication as per this mapping. – Soumendra Jan 13 '20 at 12:22

1 Answers1

0

Try this 

PUT my_index {
        "analysis" : {
            "analyzer" : {
                "email_analyzer" : {
                    "filter" : [
                        "lowercase"
                    ],
                    "type": "custom",
                    "tokenizer" : "uax_url_email"
                }
            }
        }
    }

And you can refer this link

You can refer here

Ragu Natarajan
  • 709
  • 3
  • 16