Auto authenticate with Ealsticsearch shield using PKI

kqpr0 · August 10, 2016, 4:26pm

I am using the shield addon for my elasticsearch. I want to configure Shield to auto authenticate when a user hit the rest endpoint in the browser, looking at the browser's cert. How can i achieve this?

In my elasticsearch.yml I have:

shield.transport.ssl: true
shield.http.ssl: true
shield.ssl.keystore.path : /path/keystore.jks
shield.ssl.keystore.password: password

shield.authc.realms.pki1.type: pki
shield.authc.realms.pki1.truststore.path: path/allTruststore.jks
shield.authc.realms.pki1.truststore.password: changeme

But the authentication window still pops up every time asking for a log in.

jaymode · August 10, 2016, 8:19pm

You also need to enable client authentication for http. Set shield.http.ssl.client.auth: optional in your elasticsearch.yml. This will request the client certificate and if not presented, it will allow fallback to username/password authentication.

kqpr0 · August 10, 2016, 8:37pm

I set to Required, and i got a ssl_error_bad_cert_alert. Guess im getting somewhere..

Topic		Replies	Views
PKI authentication with shield - client certificate not requested Elasticsearch elastic-stack-security	3	1059	July 6, 2017
PKI auth in Elasticsearch - http layer Elasticsearch elastic-stack-security	1	408	June 5, 2020
Shield and x509 auth for http(s) clients Elasticsearch elastic-stack-security	1	1035	July 6, 2017
Elasticsearch HTTPS and Adding to Java Rest Client Elasticsearch elastic-stack-security	1	28	August 26, 2024
How to enable logging for shield? Elasticsearch elastic-stack-security	4	1745	July 6, 2017

Auto authenticate with Ealsticsearch shield using PKI

Related topics