Connecting Kibana to an OpenID provider without setting up TLS

Tom_Cook · December 10, 2021, 5:59pm

I've got a small Elasticsearch cluster (two nodes) running in docker along with Kibana. The only thing that's exposed outside of the docker network is the Kibana service on port 5601 - and that's only exposed to localhost, as I have a reverse proxy in front of it to provide TLS to clients.

Now I want to connect it to our OpenID provider but it seems that for that I need the elastic token service, and for that I have to configure TLS on everything in the stack. Really? What is TLS going to add here? Is there no way to enable the token service without TLS?

azasypkin · December 16, 2021, 1:38pm

Hey @Tom_Cook ,

Have you tried to set xpack.security.authc.token.enabled: true in elasticearch.yml explicitly? Does Elasticsearch still require TLS in this case?

Best,
Oleg

Topic		Replies	Views
Is it possible to setup kibana and multiple elastic nodes in a secure network without TLS, and use token authentication? Elasticsearch elastic-stack-security , docker	5	433	July 13, 2023
OIDC without TLS Elasticsearch	1	215	January 15, 2024
Kibana tls certificate Kibana docker	2	790	October 9, 2019
How to config kibana if xpack.security.http.ssl.enabled is false Kibana elastic-stack-security , docker	8	4975	July 19, 2022
[KIBANA][Rules and Connectors] You must enable Transport Layer Security Kibana elastic-stack-security , elastic-stack-alerting	5	2164	September 14, 2021

Connecting Kibana to an OpenID provider without setting up TLS

Related topics