3rd party auth Kibana cloud.elastic.co - cannot edit kibana.yml

honzo · February 14, 2019, 11:45pm

Hello, we are exploring the use of an OAuth proxy to grant login to Kibana using GitHub. We are using the ES Cloud offering.
I started at https://www.elastic.co/blog/user-impersonation-with-x-pack-integrating-third-party-auth-with-kibana, but am blocked already, because I cannot make the initial changes to kibana.yml in the User Settings Override. I get an error:

'elasticsearch.requestHeadersWhitelist': is not allowed

Browsing https://www.elastic.co/guide/en/cloud/current/ec-manage-kibana-settings.html, sure enough that setting is not on the list.

Is there any other way to edit kibana.yml in the Cloud offering, or is this a limitation?

Thanks for any insight

Trevor

honzo · February 15, 2019, 9:03pm

Had a quick reply on this from EC Support last night (thanks Chris!) .. it is a limitation of the SaaS, and it was recommended that we use SAML.
https://www.elastic.co/guide/en/cloud/current/ec-securing-clusters-SAML.html

SAML requires a Platinum license, but Elastic.co does grant it's use as "a special gesture to startups and small business customers running clusters with less than 64 GB of memory" .. though there was some mention about needing a 2nd cluster to gain the features (which we have, for monitoring)
https://www.elastic.co/cloud/elasticsearch-service/subscriptions

Maybe this helps someone one day..

Trevor M

bhavyarm · February 18, 2019, 11:01pm

Hello,

Thanks a lot for keeping the community posted.

Cheers,
Bhavya

system · March 18, 2019, 11:01pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.