We have a web application where the user logs into perform operations or check some analytics.
As of now we have made the kibana links accessible via the web ui.
For security purposes, we were planning to pass the web application authtoken to Elastic Search via Kibana.
- Pass the auth token to Kibana from Web Application.
- Pass the auth token to Elastic Search from Kibana for it's queries.
- Elastic Search verifying the validity of the auth token from a rest service before returning the results.
With the existing options for securing Elastic Search I am bit puzzled on implementing this kind of authentication.
Any one tried similar approach? Your thoughts/comments appreciated.