Custom Realm for JWT Authentication

Hello,
I try to connect Search Guard with a Cloud Server that provides a REST Interface. We would need a User Challenge to get their Username and Password that are used to authenticate themselves against the Cloud. The Cloud Server then issues a JWT which contains all important Information needed to log the User in to Kibana and grant him right(s) matching his role(s). Is it possible to connect to that kind of Server using Search Guard for Authentication?

Best regards,

Anna Eimbeck

Sure, but it’s an enterprise (licensed) feature. You can use the JWT authenticator for that purpose:

You need to make sure that all requests that are issued against Kibana contain the JWT token in the HTTP “Authorization” header, for example:

Authorization Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImhyX2VtcGxveWVlIiwicm9sZXMiOiJociIsImlkIjpudWxsLCJpYXQiOjE0ODY4NTI1NDF9.1A6ircYWr4nCB1hEDMq-sLheG0ON_8ccRxNd1KlE03U

And, for Kibana 5, you may also need to whitelist this HTTP header in kibana.yml:

elasticsearch.requestHeadersWhitelist: [“authorization”]

···

Am Donnerstag, 16. Februar 2017 14:07:12 UTC+1 schrieb Anna Eimbeck:

Hello,
I try to connect Search Guard with a Cloud Server that provides a REST Interface. We would need a User Challenge to get their Username and Password that are used to authenticate themselves against the Cloud. The Cloud Server then issues a JWT which contains all important Information needed to log the User in to Kibana and grant him right(s) matching his role(s). Is it possible to connect to that kind of Server using Search Guard for Authentication?

Best regards,

Anna Eimbeck