I am trying to configure OIDC integration with Elasticsearch and Kibana.
For development, I am using my own IdP based on Keycloak. Everything works fine. Roles are read out of the JWT Token if I configure Keycloak to add the roles information to the Identity Token (as described in https://search-guard.com/kibana-openid-keycloak/).
In my production environment - using a corporate IdP based on Ping Identity - the IdP does not include the roles information in the identity token. I can access the user name based on the “sub” field in the token. But to access the roles information, it is necessary to query the OIDC userinfo endpoint.
Is there any way to configure SG to do so?
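
The fallback described in the question, as an added example that is not part of the original post and is not Search Guard code or configuration: take roles from the ID token when present, otherwise from the userinfo response, and accept that response only if its `sub` matches the ID token's `sub` (OIDC Core 5.3.2). The claim name `roles`, the function names and the sample claims are assumptions, and the ID token claims are assumed to come from a token whose signature was already validated.

```python
import json
import urllib.request


def fetch_userinfo(userinfo_url, access_token):
    """GET the OIDC userinfo endpoint, sending the access token as a Bearer credential."""
    req = urllib.request.Request(
        userinfo_url, headers={"Authorization": "Bearer " + access_token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def _as_list(value):
    # Assumption: an IdP may emit roles as an array or as a comma-separated string.
    if isinstance(value, str):
        return [v.strip() for v in value.split(",") if v.strip()]
    return list(value)


def resolve_roles(id_claims, get_userinfo, roles_key="roles"):
    """Return (username, roles) from validated ID token claims.

    get_userinfo is a zero-argument callable, e.g.
    lambda: fetch_userinfo(url, token). It is only called when the
    ID token carries no roles claim.
    """
    subject = id_claims["sub"]
    if roles_key in id_claims:
        return subject, _as_list(id_claims[roles_key])
    userinfo = get_userinfo()
    # The userinfo "sub" must exactly match the ID token "sub"; a mismatch
    # means the response belongs to another subject and must not be used.
    if userinfo.get("sub") != subject:
        raise ValueError("userinfo sub does not match ID token sub")
    return subject, _as_list(userinfo.get(roles_key, []))


# Constructed sample claims, not taken from a real IdP.
ID_CLAIMS_WITH_ROLES = {"sub": "jdoe", "roles": ["kibana_user", "readall"]}
ID_CLAIMS_SUB_ONLY = {"sub": "jdoe"}
USERINFO_RESPONSE = {"sub": "jdoe", "roles": "kibana_user, readall"}

if __name__ == "__main__":
    print(resolve_roles(ID_CLAIMS_WITH_ROLES, lambda: {}))
    print(resolve_roles(ID_CLAIMS_SUB_ONLY, lambda: USERINFO_RESPONSE))
```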