I've installed Searchguard 5 with Kibana and Elasticsearch.
I'm able to authenticate with basic authentication (searchguard db).
Now I need to make it work with proxy authentication / SSO.
After I enter my SSO credentials, the requested is redirected back to Kibana but then I get a pop up prompt me to login with basic authentication. If I do so I was able to access Kibana.
It seems that the header returned to Kibana is the root cause.
* About to connect() to 127.0.0.1 port 9200 (#0)
* Trying 127.0.0.1... connected
* Connected to 127.0.0.1 (127.0.0.1) port 9200 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* NSS: client certificate not found (nickname not specified)
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN=localhost
* start date: Aug 09 20:51:28 2017 GMT
* expire date: Aug 09 20:51:28 2019 GMT
* common name: localhost
* issuer: CN=floragunn Gmbh Signing CA,OU=floragunn Gmbh Signing CA,O=floragunn Gmbh
> GET /_searchguard/authinfo?pretty=true HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host:
127.0.0.1:9200> Accept: */*
> x-proxy-user: ot865k
> x-proxy-roles: sg_all_access
> x-forwarded-for: 127.0.0.1
>
< HTTP/1.1 200 OK
< content-type: application/json; charset=UTF-8
< content-length: 317
<
{
"user" : "User [name=ot865k, roles=[sg_all_access]]",
"user_name" : "ot865k",
"user_requested_tenant" : null,
"remote_address" : "127.0.0.1",
"sg_roles" : [
"sg_own_index",
"sg_public"
],
"sg_tenants" : {
"ot865k" : true
},
"principal" : null,
"peer_certificates" : "0"
}
* Connection #0 to host 127.0.0.1 left intact
* Closing connection #0
Omer.