(I’m using the latest of version 5 for everything here)
I’m trying to set up just client certificate authentication for Kibana users with SG.
I have only one auth domain in auth_c for http_authenticator, type: clientcert, and challenge set to true.
I have got searchguard.ssl.http.clientauth_mode: REQUIRE in elasticsearch.yaml.
Kibana is running under https with server.ssl.enabled: true.
But the Search Guard login box appears. I was expecting that having challenge set to true would activate the in-browser ‘choose a client certificate’ prompt, but it does not.
How do I prevent the login box appearing?
And is SG able to get the browser to request a client cert, or does it just expect it to be there? Or is this a case of Kibana not being able to forward on any client certificates?