--- _sg_meta: type: "config" config_version: 2 sg_config: dynamic: # Set filtered_alias_mode to 'disallow' to forbid more than 2 filtered aliases per index # Set filtered_alias_mode to 'warn' to allow more than 2 filtered aliases per index but warns about it (default) # Set filtered_alias_mode to 'nowarn' to allow more than 2 filtered aliases per index silently #filtered_alias_mode: warn #kibana: # Kibana multitenancy - NOT FREE FOR COMMERCIAL USE # see https://github.com/floragunncom/search-guard-docs/blob/master/multitenancy.md # To make this work you need to install https://github.com/floragunncom/search-guard-module-kibana-multitenancy/wiki #multitenancy_enabled: true #server_username: kibanaserver #index: '.kibana' #do_not_fail_on_forbidden: false http: anonymous_auth_enabled: false xff: enabled: true internalProxies: '.*' # trust all internal proxies, regex pattern remoteIpHeader: 'x-forwarded-for' authc: basic_internal_auth_domain: http_enabled: true transport_enabled: true order: 1 http_authenticator: type: basic challenge: true authentication_backend: type: internal proxy_auth_domain: http_enabled: true transport_enabled: false order: 2 http_authenticator: type: proxy challenge: false config: user_header: "x-proxy-user" roles_header: "x-proxy-roles" authentication_backend: type: noop clientcert_auth_domain: http_enabled: true transport_enabled: true order: 3 http_authenticator: type: clientcert config: username_attribute: cn #optional, if omitted DN becomes username challenge: false authentication_backend: type: noop authz: internal_authorization: http_enabled: true authorization_backend: type: internal