I took a look at the x-pack security code in Kibana. It seems to always add the security strategy to the Kibana server. The X-pack security strategy bypasses or authenticates the user depending on the license activation.
Since the security strategy has to be implemented only once and I can't deactivate the X-pack security strategy, I will try to use my own strategy in the "onPostAuth" lifecycle.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.