Configure proxy for Elasticsearch

etrpchevska · August 25, 2021, 11:01am

Hello!

We have an Elasticsearch setup running in on-prem data center as a Kubernetes application. I would like to configure SAML realm for SSO login to the cluster and Kibana, but in order to get authenticated to the Identity Provider (Azure AD) in our case, we have to go through a proxy IP address that allows access to public URL on the internet.

How can this proxy setup be added to the elasticsearch configuration? The current configuration is the following and we are using 7.6 ES version.

elasticsearch.yml: |
    cluster.name: dev-observability
    network.host: "0.0.0.0"
    bootstrap.memory_lock: false
    discovery.zen.ping.unicast.hosts: es-cluster-discovery.dev-elastic-system.svc.cluster.local
    discovery.zen.minimum_master_nodes: 2
    cluster.initial_master_nodes: es-cluster-0, es-cluster-1, es-cluster-2
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/elastic-certificates.p12 
    xpack.monitoring.enabled: true
    xpack.ml.enabled: false
    xpack.watcher.enabled: false
    xpack.license.self_generated.type: trial

    xpack.security.authc.token.enabled: true
    xpack.security.http.ssl.enabled: true
    xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/http.p12
    xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/http.p12
    xpack.security.authc.realms.saml.saml1:
      order: 1
      idp.metadata.path: /usr/share/elasticsearch/config/idp-metadata.xml
      idp.entity_id: https://sts.windows.net/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/
      sp.entity_id: SP-kibana-dev
      sp.acs: https://kibana-dev.xxxxxxxxxxx.net/api/security/v1/saml
      sp.logout: https://kibana-dev.xxxxxxxxxxx.net/logout
      attributes.principal: urn:oid:0.9.2342.19200300.100.1.1
      attributes.groups: urn:oid:1.3.6.1.4.1.5923.1.5.1.
    # xpack.security.authc.realms.basic.basic1:
    #   order: 0

    node:
      master: true
      data: true
      ingest: true

Thank you for your answers!

system · September 22, 2021, 11:02am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Config validation of [xpack.security].authc.providers Kibana elastic-stack-security	3	2032	September 22, 2021
SAML with Azure AD Elasticsearch elastic-stack-security	6	1999	June 18, 2019
Kibana SAML authentication issue Elasticsearch elastic-stack-security	16	8018	March 14, 2018
ElasticSearch Error When Integrating with Azure AD for SSO Capabilities Elasticsearch elastic-stack-security	13	1626	April 18, 2019
Elastic - SAML (Azure) integration issue Elasticsearch elastic-stack-security	2	613	April 14, 2020

Configure proxy for Elasticsearch

Related Topics