Hi all,
I am working on a custom security realm for my ELK stack. I have started working on the custom realm (based on the example git repo) and have the actual authentication logic working. But I have a few questions.
My desired workflow is the following:
- User goes to web application
- User gets directed to company authentication system
- User logs into the secure company authentication system
- A few fields are generated, stoken, referer & audience, username. User is redirected back to the web app with these generated fields
- These now need to be passed to elasticsearch (nodejs)
- My custom security realm validates the stoken (which requires the referrer & audience values)
- User is now authenticated against elasticsearch & can use it
When dealing with Kibana, my plan is to use something like nginx to divert them to the company authentication system instead of going to the web application.
I have completed steps 1-4 and I have created most of my custom security realm. But I am confused on a few points. How do I actually pass the stoken, referer & audience to the custom security realm?
Within the CustomRealm.java file, line 100 the example gets data from the "ThreadContext". But what is this and how does it work? How does it get those headers? Fundamentally, what are the headers? It seems I need to create a stoken, referer & audience header, but how? Within the CustomRealmExtension.java I have updated getRestHeaders to have my required headers, but where are they set?
When authenticating elasticsearch in nodejs you can authenticate with a basic username and password like this:
var elastic_client = new elasticsearch.Client({ host: 'elastic:changeme@<elastic_ip>:9200' });
But how can I pass my username, stoken, audience & referer?
As a heads up, I have no control over using the company authentication system, I just need to integrate it... somehow
I really appreciate any help you can give,
Alex