Thanks, it’s clearer to me now what you’re trying to achieve.
The short answer is: The HTTP Basic Authentication that you’re using is controlled fully by the Browser you are using. There is no such thing as a Search Guard session in our plugin. So the only way to “log out” from Basic Auth is to close the Browser. “Logging Out” here means that the browser forgets about the HTTP Basic credentials you used to log in.
How long these credentials are cached is different from Browser to Browser, but in our experience, it’s cached indefinitely, until the Browser is closed. So in short, apart from closing the browser, there is no way to end the “session” from the outside.
And yes you’re right, searchguard.session.ttl only applies to the Kibana plugin and does not do anything in Search Guard itself.
On Tuesday, May 30, 2017 at 5:30:01 PM UTC+2, Sagar Duwal wrote:
I am not using Search Guard with Kibana. I am trying to specify custom permission (read/write to specific indices only, and so on) to the users registered.
Currently I have Elasticsearch 2.4.4 in my production cluster, and few of the plugins installed. I have a specific marvel cluster separately setup for monitoring
the production clusters.
In my question previously, I meant when a user is logged in with their specific username and password to the browser, how long would the logged in session be
expired. I went through searchguard.session.ttl and keepalive for kibana that does what I require but, since I am not using kibana, this seems useless. I tried
using it either way, but seems useless.
I am testing with authentication with username and password added to sg_internal_users.yml.
I have other plans for authentication.
Also my other question was, if I could logout from the current user I logged in with.
I couldn’t find better detailed documentation regarding this. Thanks
On Tuesday, May 30, 2017 at 1:29:02 PM UTC+5:45, Jochen Kressin wrote:
what do you exactly mean by Search Guard session?
What is your setup?
Do you mean the session management in Kibana?
What authentication method(d) are us using?
In order to help you need to provide some more details please.
On Tuesday, May 30, 2017 at 6:11:29 AM UTC+2, Sagar Duwal wrote:
I have trying to setup search guard for my elasticsearch cluster. I have been testing searchguard for deployment to project.
I was wondering if we could set a user to have timeout period and after the period, the user is informed to login again. How can this be done?
Also, how can we logout of the session from searchguard at anytime ?