#: SG - Https for client nodes only
searchguard.ssl.http.enabled: false
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.transport.resolve_hostname: false
---sg_config.yml----
searchguard:
  dynamic:
    kibana:
      multitenancy_enabled: true
      server_username: "bdm156"
      index: ".kibana"
      do_not_fail_on_forbidden: false
    http:
      anonymous_auth_enabled: false
      xff:
        enabled: false
        internalProxies: "192\\.168\\.0\\.10|192\\.168\\.0\\.11"
        remoteIpHeader: "X-Forwarded-For"
        proxiesHeader: "X-Forwarded-By"
    authc:
      ldap:
        enabled: true
        order: 1
        http_authenticator:
          type: "basic"
          challenge: true
        authentication_backend:
          type: "ldap"
      clientcert_auth_domain:
        enabled: true
        order: 0
        http_authenticator:
          type: "clientcert"
          challenge: false
          config:
            username_attribute: "cn"
        authentication_backend:
          type: "noop"
    authz:
      roles_from_myldap:
        enabled: true
        authorization_backend:
          type: "ldap"
          config:
            enable_ssl: false
            enable_start_tls: false
            enable_ssl_client_auth: false
            verify_hostnames: false
----kibana.yml---
searchguard.basicauth.enabled: true
#: https must be enabled for below
searchguard.cookie.secure: true
# Multitenancy
#
searchguard.multitenancy.enabled: true
searchguard.multitenancy.tenants.enable_global: true
searchguard.multitenancy.tenants.enable_private: true
elasticsearch.requestHeadersWhitelist: [ "sg_tenant", "X-Authenticated-User", "Authorization", "X-Forwarded-For", "X-Forwarded-Server", "X-Forwarded-By", "X-Proxy-User", "X-Proxy-Roles", "X-Client-Cert" ]
If you have restricted certain endpoints for the currently logged in user, the plugin will automatically disable these features.
For everything to work, the logged in user should have:
ACTIONGROUPS endpoint with GET method
indices:admin/validate/query on all indices
searchguard.restapi.roles_enabled: ["sg_all_access", ...]
server_username: "bdm156"
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/3e5a67aa-83f2-4f36-8a6d-91ed82d484d6%40googlegroups.com.