Two questions

  1. if you use the proxy pass method does it only consider the sg_roles.yml declaration? I see the x-proxy-user come though, and obviously the x-proxy-roles are null values as nginx isn’t passing those. But I would have thought the sg_role_mapping file would match on my x-proxy-user name and properly add that user to the role mapped in that file. But this is just not happening.

  2. Do users added to the sg_internal_users.yml file need to have a password? Can we create a user without a password and get them to be checked via the basic_internal_auth_domain? Seems like the user is just silently ignored if I don’t have a hash value defined.

1) if you use the proxy pass method does it only consider the sg_roles.yml declaration? I see the x-proxy-user come though, and obviously the x-proxy-roles are null values as nginx isn't passing those. But I would have thought the sg_role_mapping file would match on my x-proxy-user name and properly add that user to the role mapped in that file. But this is just not happening.

This was a bug and fixed with https://github.com/floragunncom/search-guard/issues/150

2) Do users added to the sg_internal_users.yml file need to have a password? Can we create a user without a password and get them to be checked via the basic_internal_auth_domain? Seems like the user is just silently ignored if I don't have a hash value defined.

empty or null passwords are not supported (this should throw an exception)

···

Am 27.06.2016 um 20:47 schrieb djtecha <djtecha@gmail.com>:

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/42f8579f-f6dd-4089-a88f-bfe39b5d7bbc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.