Setting up http authentication and passing crentials through

Hi,

I was looking to setup pass through authentication. I have the http basic authentication with elasticsearch/kibana and search-guard setup and that works.

What I would like to do is use a curl to setup the session that way the user does not see the login box but the elasticsearch/kibana instance is still secured by a login. I enabled the searchguard.http.enable_sessions. I can curl the :9200 instance and it logins but when I go to kibana and try to do the same it still asks for the password. Is there anyway around this with the default options in search-guard?

Thats not the way how HTTP Basic Authentication works. You need a authentication mechanism with is capable of doing a kind of single sign on.
For now search guard can be setup do do this via kerberos (or NTLM in a windows infrastructure). The will soon be more support like oauth2 and SAML or CAS. Maybe for you also the unauthenticated feature is interesting, see:

# Authenticates always a user with username 'searchguard_unauthenticated_user'
#searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.HTTPUnauthenticatedAuthenticator

in combination with host based security (hosts attribute in acl)

ยทยทยท

Am 17.06.2015 um 15:36 schrieb John <johncarlo@imaginationplus.com>:

Hi,

I was looking to setup pass through authentication. I have the http basic authentication with elasticsearch/kibana and search-guard setup and that works.

What I would like to do is use a curl to setup the session that way the user does not see the login box but the elasticsearch/kibana instance is still secured by a login. I enabled the searchguard.http.enable_sessions. I can curl the :9200 instance and it logins but when I go to kibana and try to do the same it still asks for the password. Is there anyway around this with the default options in search-guard?

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/247b6a78-1b36-45d6-8ee1-064085ac37a0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.