Setting up http authentication and passing crentials through
343 views
Skip to first unread message
John
Jun 17, 2015, 9:36:07 AM6/17/15
to search...@googlegroups.com
Hi,
I was looking to setup pass through authentication. I have the http basic authentication with elasticsearch/kibana and search-guard setup and that works.
What I would like to do is use a curl to setup the session that way the user does not see the login box but the elasticsearch/kibana instance is still secured by a login. I enabled the searchguard.http.enable_sessions. I can curl the :9200 instance and it logins but when I go to kibana and try to do the same it still asks for the password. Is there anyway around this with the default options in search-guard?
I was looking to setup pass through authentication. I have the http basic authentication with elasticsearch/kibana and search-guard setup and that works.
What I would like to do is use a curl to setup the session that way the user does not see the login box but the elasticsearch/kibana instance is still secured by a login. I enabled the searchguard.http.enable_sessions. I can curl the :9200 instance and it logins but when I go to kibana and try to do the same it still asks for the password. Is there anyway around this with the default options in search-guard?
SG
Jun 18, 2015, 4:04:30 AM6/18/15
to search...@googlegroups.com
Thats not the way how HTTP Basic Authentication works. You need a authentication mechanism with is capable of doing a kind of single sign on.
For now search guard can be setup do do this via kerberos (or NTLM in a windows infrastructure). The will soon be more support like oauth2 and SAML or CAS. Maybe for you also the unauthenticated feature is interesting, see:
# Authenticates always a user with username 'searchguard_unauthenticated_user'
#searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.HTTPUnauthenticatedAuthenticator
in combination with host based security (hosts attribute in acl)
> --
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/247b6a78-1b36-45d6-8ee1-064085ac37a0%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
For now search guard can be setup do do this via kerberos (or NTLM in a windows infrastructure). The will soon be more support like oauth2 and SAML or CAS. Maybe for you also the unauthenticated feature is interesting, see:
# Authenticates always a user with username 'searchguard_unauthenticated_user'
#searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.HTTPUnauthenticatedAuthenticator
in combination with host based security (hosts attribute in acl)
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/247b6a78-1b36-45d6-8ee1-064085ac37a0%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages