Disabled xpack security plugin in Kibana 8

Hello !

I want to migrate (from 7.16 to 8.6) my own plugin that manage Kibana security with a custom login page and a custom security strategy.

Unfortunately, I notice that the xpack.security.enabled configuration disapeared and I'm not able to disabled xpack.security anymore.

Is there an another way to disabled it ? If not, are we able to add a custom security strategy to the server ?

Perhaps take a look at this.

Nope, it's not working :frowning:

I took a look at the x-pack security code in Kibana. It seems to always add the security strategy to the Kibana server. The X-pack security strategy bypasses or authenticates the user depending on the license activation.

Since the security strategy has to be implemented only once and I can't deactivate the X-pack security strategy, I will try to use my own strategy in the "onPostAuth" lifecycle.

1 Like

Good luck you are in deeper than I am :slight_smile:

As you get closer I would open a Topic with a Very Specific Subject line then perhaps we can get someone from Kibana to take a look.

OK, thank you!

I think many plugins depend on x-pack security, so it is probably be difficult to allow for a full disabling today.

Yes in general security is become more native / embedded... I think 8.X was a big shift there... as Elastic became secure OOTB...

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.