Kibana Client Authentication Authentication

Question

Kibana Client Authentication Authentication

I installed Search Guard for Elasticsearch 5 and configured client certificate only authentication with CN as username.

      clientcert_auth_domain:
        enabled: false
        order: 2
        http_authenticator:
          type: clientcert
          config:
            username_attribute: cn #optional, if omitted DN becomes username
          challenge: false
        authentication_backend:
          type: noop

I also installed the Search Guard plugin for Kibana.

How can I configure Search Guard for Kibana to use client logon certificates for users? I only see an option to use username or LDAP in the documentation: https://github.com/floragunncom/search-guard-docs/blob/master/kibana.md

But I would like to use the client certificates configured in Search Guard for Elasticsearch. I don't see any configuration options to enable client network authentication also for kibana users.

However, I need to login to insert the username and password.

+3

elasticsearch kibana client-certificates mutual-authentication kibana-5

user1563721 May 10 '17 at 19:08

source to share

1 answer

Jochen Kressin · Answer 1 · 2017-05-26T11:54:59+0000

Kibana acts as a proxy for Elasticsearch and by default discards most of the information contained in the original HTTP call, including the HTTP header fields containing your client certificate.

However, you can explicitly specify the HTTP headers in the kibana.yml file, so you can whitelist the headers "X-Client-Cert"

, for example:

elasticsearch.requestHeadersWhitelist: [ "authorization", "X-Client-Cert" ]

Disclaimer: I work for floragunn / Search Guard

Kibana Client Authentication Authentication

More articles: