Is there any API endpoint to verify an internal user's password?

I am trying to have a password change UI app for Search Guard internal users. I am able to get the password hash, but I am not able to find any endpoint which can authenticate the internal user.
E.g. I want to have an API endpoint which will accept a plain text password as input and tell me whether that is the correct password for the given user.

I had an idea to use the hash.sh file in the tools, but hash.sh gives different output for the same string every time. So I can't use that file to hash the given password and then compare the result with the get user info API.

Please let me know what endpoint or tool can be used to check a valid password for a given user.

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version
    5 / 5.6.8

  • Installed and used enterprise modules, if any
    None

  • JVM version and operating system version

  • Search Guard configuration files

  • Elasticsearch log messages on debug level

  • Other installed Elasticsearch or Kibana plugins, if any

Using the BCrypt hash of a user's password is not really suitable for that, no. But there is the authinfo endpoint which you can use to verify credentials. Say you use HTTP Basic authentication, then just issue a call to:

http(s)://<es_node>:<es_http_port>/_searchguard/authinfo

And provide the HTTP Basic credentials with it. If the credentials are correct, this will return information about the user and roles in JSON format. If not, you will get an HTTP status code 403.

If you use any other authentication method, like JWT, you would provide the JSON web token in the call. This depends on your use case.
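Added example, not part of the original thread and not Search Guard's own code: the authinfo check from the answer above in Python, as a password-change backend could run it on the current password before accepting a new one. The function name, the `allow_http` switch, treating 401 as a rejection alongside 403, and the local stub server with its `alice` account and JSON body are assumptions made so the example runs offline.

```python
import base64
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

def check_credentials(base_url, username, password, allow_http=False, timeout=5):
    """Return the authinfo JSON if the credentials are accepted, else None."""
    if not (base_url.startswith("https://") or allow_http):
        raise ValueError("HTTP Basic exposes the password without TLS; use https")
    token = base64.b64encode(f"{username}:{password}".encode()).decode("ascii")
    req = urllib.request.Request(base_url.rstrip("/") + "/_searchguard/authinfo",
                                 headers={"Authorization": "Basic " + token})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code in (401, 403):  # 403 per the thread; 401 is an assumption
            return None
        raise  # an outage must not be reported as "wrong password"

# Constructed stand-in for an Elasticsearch node so the example runs offline.
STUB_USERS = {"alice": "correct horse"}  # constructed sample account

class StubAuthinfo(BaseHTTPRequestHandler):
    def do_GET(self):
        try:
            raw = self.headers.get("Authorization", "").split(" ", 1)[1]
            user, _, pw = base64.b64decode(raw).decode().partition(":")
        except (IndexError, ValueError):
            user, pw = None, ""
        ok = self.path == "/_searchguard/authinfo" and STUB_USERS.get(user) == pw
        body = json.dumps({"user_name": user} if ok else {"error": "denied"})
        self.send_response(200 if ok else 403)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body.encode())
    def log_message(self, *args):  # keep the demo output quiet
        pass

def start_stub():
    server = HTTPServer(("127.0.0.1", 0), StubAuthinfo)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"

if __name__ == "__main__":
    server, url = start_stub()
    for pw in ("correct horse", "wrong"):
        print(check_credentials(url, "alice", pw, allow_http=True))
```

Against a real node, pass the `https://` base URL and leave `allow_http` at its default, so the plaintext password is never sent without TLS.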

On Tuesday, July 10, 2018 at 7:49:48 PM UTC+2, Amey Gat wrote:


Thanks for the quick reply, the authinfo endpoint works for the password check.

On Wednesday, July 11, 2018 at 2:39:25 AM UTC+5:30, Jochen Kressin wrote:
