I want to migrate (from 7.16 to 8.6) my own plugin that manage Kibana security with a custom login page and a custom security strategy.
Unfortunately, I notice that the xpack.security.enabled configuration disapeared and I'm not able to disabled xpack.security anymore.
Is there an another way to disabled it ? If not, are we able to add a custom security strategy to the server ?
Perhaps take a look at this.
Alright, I finally managed to get a shiny new local setup up and running!
Thank you Stephen for your suggestions!
What I ended up doing is:
-- downloaded and installed Elasticseach, Kibana and Filebeat, all of version 8.4.3 , all from gz archives
-- before starting ES for the first time - updated its elasticsearch.yml - added the following settings (2 that Stephen suggested and one more I found online - for good measure
Nope, it's not working
I took a look at the x-pack security code in Kibana. It seems to always add the security strategy to the Kibana server. The X-pack security strategy bypasses or authenticates the user depending on the license activation.
Since the security strategy has to be implemented only once and I can't deactivate the X-pack security strategy, I will try to use my own strategy in the "onPostAuth" lifecycle.
Good luck you are in deeper than I am
As you get closer I would open a Topic with a Very Specific Subject line then perhaps we can get someone from Kibana to take a look.
OK, thank you!
I think many plugins depend on x-pack security, so it is probably be difficult to allow for a full disabling today.
Yes in general security is become more native / embedded... I think 8.X was a big shift there... as Elastic became secure OOTB...
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.