When asking questions, please provide the following information:
* Search Guard and Elasticsearch version: 6.5.4-oss-24.2
Hello
We have a Kibana with the Search Guard plugin exposed via a Kubernetes nginx ingress (reverse proxy).
We have enabled authentication at the ingress level and forward the `Authorization` header to Kibana. The login is working fine because we are using the same username and password for the ingress and Kibana, and we do not have to type the credentials twice.
It looks like Kibana is using a cookie to keep the credentials data, while the ingress keeps it in the `Authorization` header.
If we try to log out from Kibana, we are redirected to the login screen of Search Guard, with the Authorization header neither invalidated nor removed. So if I try to open the root path `<kibana-hostname>/`, I am successfully logged in, because the Authorization header is still valid.
On the other hand, if I try to log in as another user with different permissions, the dashboard shows me as the other user, but I am actually logged in as the first one, which comes from the Authorization header. As a result, the second user has the permissions of the first one.
So generally, the logout is not working very well when Search Guard is enabled to accept the Authorization header.
Is it possible to make Search Guard invalidate the Authorization header on logout?
Best Regards
Vladimir
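The mismatch described in the post can be checked per request by comparing the user in the forwarded `Authorization` header with the user the Kibana session shows. The following is an added example, not part of the original post and not Search Guard code; the function names, the `session_user` input (the session cookie is assumed to be already resolved to a user name) and the sample users are assumptions.

```python
import base64
import binascii
from typing import Optional


def basic_auth_user(authorization: Optional[str]) -> Optional[str]:
    """Return the username from an HTTP Basic Authorization header, or None."""
    if not authorization:
        return None
    scheme, _, token = authorization.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed header: treat as carrying no identity
    user, sep, _password = decoded.partition(":")
    return user if sep and user else None


def check_request(headers: dict, session_user: Optional[str]) -> dict:
    """Compare the proxy-supplied identity with the UI session identity.

    Assumption (modelled on the post): when an Authorization header is
    present, the backend authorizes the request as that user, whatever
    the session cookie says.
    """
    header_user = basic_auth_user(headers.get("Authorization"))
    effective = header_user or session_user
    if header_user and session_user and header_user != session_user:
        status = "identity-mismatch"  # UI shows one user, permissions of another
    elif header_user and session_user is None:
        status = "header-only"        # after logout: header still authenticates
    else:
        status = "ok"
    return {"shown_as": session_user, "effective_user": effective, "status": status}


def _basic(user: str, password: str) -> str:
    """Build a Basic header value for the constructed samples below."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


# Constructed sample requests (user names and passwords are made up).
SAMPLES = [
    ({"Authorization": _basic("alice", "pw1")}, "alice"),  # normal SSO login
    ({"Authorization": _basic("alice", "pw1")}, None),     # after Kibana logout
    ({"Authorization": _basic("alice", "pw1")}, "bob"),    # second user logs in
]
```
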