There are two ways to connect to ES. Either via the transport layer, for example by using a TransportClient. Or via the ES REST API, for example by using a browser or curl.
Search Guard supports full authentication and authorization on both layers, that’s why I was asking for your use case. The background is that you can use an authentication domain for both layers at the same time.
So from what I understand you want to connect to ES with a Transport client only, and also don’t need different users for that client. Hence, Basic Auth over transport is not relevant. In that case you can ignore all settings regarding HTTP, because you are not using it. So that should do it:
Yes, intern and internal is the same. It was just a typo, and we kept “intern” for backwards capability reasons.
On Monday, January 22, 2018 at 5:36:03 PM UTC+1, JozsefB wrote:
You were talking about REST layer. I am afraid I don’t understand you
On Monday, January 22, 2018 at 3:43:33 PM UTC+1, JozsefB wrote:
We just are implementing Transport client with SG as https://floragunn.com/searchguard-elasicsearch-transport-clients/ suggests
It says to create a new auth domain
Some options are not set here, for example http_authenticator type challange.
I am wondering whether they have a default value?
internal and intern are interchangable?
Actually before reading the web page below I thought that I had to use type: clientcert