Can we have kibana authentication without x-pack?


(Abdul Gaffar Shaikh) #1

Hi team,

i would like to write custom realm authentication for my web app for user authentication. however my x-pack trial license has expired, and basic license does not support security plugin.
I can't afford for paid license.

Also embedded iframe for kibana is not recommended on the security perspective as the url can be easily tracked and can be accessed outside the web application.

The nginx solution looks a bit messy and not much comprehensible.

My web application users are authenticated via mysql database. can that same be used to authenticate kibana and that should not be accessible outside my web app

I am new to Elastic stack . Any further study , help on the topic would be highly appreciated.

please help me with this combination if possible :-

Spring + mysql + ELastic Stack.

Thanks in advance.


(Lee Drengenberg) #2

A really large amount of work goes into writing a security module like is included in x-pack. I don't think it would be reasonable for a person, or small team even, to spend the time to try to write something like it.

In the case of x-pack, most of the security module is in Elasticsearch (not in Kibana). So the data is actually protected instead of just blocked by Kibana. Kibana does requests to Elasticsearch as the logged in user and if it fails for security reasons then it mostly just passes that error to the user.

If you're using Kibana for a small startup or non-profit I think you might get a discount on the license.

I don't know if you're running it locally or on AWS perhaps, but if you're running it in the cloud you might consider switching to the Elastic Cloud solution which includes security.

Regards,
Lee


(Abdul Gaffar Shaikh) #3

Thanks @LeeDr for the information.


(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.