I was looking to setup pass through authentication. I have the http basic authentication with elasticsearch/kibana and search-guard setup and that works.
What I would like to do is use a curl to setup the session that way the user does not see the login box but the elasticsearch/kibana instance is still secured by a login. I enabled the searchguard.http.enable_sessions. I can curl the :9200 instance and it logins but when I go to kibana and try to do the same it still asks for the password. Is there anyway around this with the default options in search-guard?
Thats not the way how HTTP Basic Authentication works. You need a authentication mechanism with is capable of doing a kind of single sign on.
For now search guard can be setup do do this via kerberos (or NTLM in a windows infrastructure). The will soon be more support like oauth2 and SAML or CAS. Maybe for you also the unauthenticated feature is interesting, see:
# Authenticates always a user with username 'searchguard_unauthenticated_user' #searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.HTTPUnauthenticatedAuthenticator
in combination with host based security (hosts attribute in acl)
ยทยทยท
Am 17.06.2015 um 15:36 schrieb John <johncarlo@imaginationplus.com>:
Hi,
I was looking to setup pass through authentication. I have the http basic authentication with elasticsearch/kibana and search-guard setup and that works.
What I would like to do is use a curl to setup the session that way the user does not see the login box but the elasticsearch/kibana instance is still secured by a login. I enabled the searchguard.http.enable_sessions. I can curl the :9200 instance and it logins but when I go to kibana and try to do the same it still asks for the password. Is there anyway around this with the default options in search-guard?