see https://github.com/floragunncom/search-guard/blob/master/sgconfig/sg_config.yml
clientcert_auth_domain:
enabled: true
order: 2
http_authenticator:
type: clientcert
config:
username_attribute: cn #optional, if omitted DN becomes username
challenge: false
authentication_backend:
type: noop
(order matters if you like to combine it with other authenticators)
> Am 26.02.2017 um 04:28 schrieb Abhinay Thurlapati <abhinayt...@gmail.com>:
>
> Hi,
> I would like to validate the requests via client certificate. Following the documentation, I understood that I need to specify the "http_authenticator.type" as "clientcert". There it is mentioned to click on TLS Client Certification for further details. However I could see, it is redirecting to HTTP Basic Authentication page.
>
> Please provide the configuration details I need to follow in order to validate the client certificates.
>
> Thanks
> Abhinay.
>
> --
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/4d226de6-b524-42cd-95bb-fbb85238a2ee%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/DCA5DF08-365B-4C41-92A3-A0EBB1AFA068%40search-guard.com.
# This is optional
# Only needed when impersonation is used
# Allow DNs (distinguished names) to impersonate as other users
#searchguard.authcz.impersonation_dn:
"CN=spock,OU=client,O=client,L=Test,C=DE":
# - worf
# "cn=webuser,ou=IT,ou=IT,dc=company,dc=com":
# - user2
# - user1
# Auditlog configuration:
ah.. impersonation is something else...
but it seems searchguard is not able to validate the certificates
--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/7d1a8edc-eae2-487a-8265-d24c0ee4fb56%40googlegroups.com.
Forgot to add one point. This search guard is behind apache. Could it be the case that Apache is not forwarding client certificate to search guard.ThanksAbhinay
On 02-Mar-2017 8:13 PM, "Me He" <googl...@kampfschnuffel.de> wrote:
ah.. impersonation is something else...--
but it seems searchguard is not able to validate the certificates
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.