By default users who authenticate via SAML will have some additional metadata fields.
saml_nameidwill be set to the value of the
NameIDelement in the SAML authentication response
saml_nameid_formatwill be set to the full URI of the NameID’s
- Every SAML Attribute that is provided in the authentication response
(regardless of whether it is mapped to an Elasticsearch user property), will be added
as the metadata field
saml(name)where "name" is the full URI name of the attribute. For example
- For every SAML Attribute that has a friendlyName, will also be added as the
saml_friendlyNamewhere "name" is the full URI name of the attribute. For example
This behaviour can be disabled by adding
populate_user_metadata: false to as
a setting in the saml realm.