How to access nested JWT claims in role DLS

Anthony · October 2, 2025, 9:20am

@thomas.schuerger The jwt claims only support top level attributes, as you see using authinfo.

You have 2 options to get this working:

You can use mappers in JWT provider (IDP) to convert it to top level attribute.
You can add this to the roles section, since roles supports nested attributes, (You might find this case useful)

Topic		Replies	Views
Access nested fields in JWT token for [subject_key, roles_key] Security troubleshoot , configure	6	3690	June 18, 2025
Nested claim for JWT auth, can't find roles Security troubleshoot	2	48	September 29, 2025
DLS fails with dynamic variable ${user.attrs.tenant_id} but works with static values Open Source Elasticsearch and Kibana	1	34	October 10, 2025
Document-Layer Security with parameter substitution from JWT token claims doesn't seem to work Security troubleshoot	2	500	June 16, 2023
Monitor with JWT document level security does not propagate jwt claims leading to empty results Alerting	1	422	February 7, 2023