Azure SSO with SAML issue

Hello,

I believe your issue is in roles_key.
Since you are using Azure app registration as IDP, try adding http://schemas.microsoft.com/ws/2008/06/identity/claims/role as values to roles_key and re-deploy to see if that works. Don't forget to run securityadmin.sh.

The issue basically could be that no roles are fetched from the SAML assertion; if you debug the SAML request you can see what is sent from Azure.

Please redeploy opensearch and opensearch-dashboards.

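
One way to carry out the check suggested in the reply above, as an added example that is not part of the original post or of OpenSearch: decode a captured SAMLResponse and list which roles appear under a given roles_key. The sample response, the role names and the function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

# Namespace of SAML 2.0 assertions; the claim URI is the one named in the reply above.
SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AZURE_ROLE_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"

# Constructed sample response (not real Azure output), base64-encoded as in the HTTP-POST binding.
SAMPLE_XML = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <saml:AttributeValue>user@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="{AZURE_ROLE_CLAIM}">
        <saml:AttributeValue>opensearch_admin</saml:AttributeValue>
        <saml:AttributeValue>readall</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

def attributes_in_response(b64_response):
    """Map every Attribute Name in the response to its list of values."""
    # Inspection only: no signature check, so use it on responses you captured yourself.
    root = ET.fromstring(base64.b64decode(b64_response))
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def check_roles_key(b64_response, roles_key):
    """Report the roles found under roles_key and the attribute names actually sent."""
    attrs = attributes_in_response(b64_response)
    roles = [r for r in attrs.get(roles_key, []) if r]
    return {"roles_key": roles_key, "roles": roles, "available_attributes": sorted(attrs)}

if __name__ == "__main__":
    print(check_roles_key(SAMPLE_B64, AZURE_ROLE_CLAIM))
    print(check_roles_key(SAMPLE_B64, "Roles"))  # mismatched key: no roles found
```

An empty `roles` list with the claim URI present under `available_attributes` points at a roles_key mismatch rather than at the IdP.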