Hello !
I want to migrate (from 7.16 to 8.6) my own plugin that manage Kibana security with a custom login page and a custom security strategy.
Unfortunately, I notice that the xpack.security.enabled configuration disapeared and I'm not able to disabled xpack.security anymore.
Is there an another way to disabled it ? If not, are we able to add a custom security strategy to the server ?
Perhaps take a look at this.
Nope, it's not working 
I took a look at the x-pack security code in Kibana. It seems to always add the security strategy to the Kibana server. The X-pack security strategy bypasses or authenticates the user depending on the license activation.
Since the security strategy has to be implemented only once and I can't deactivate the X-pack security strategy, I will try to use my own strategy in the "onPostAuth" lifecycle.
Good luck you are in deeper than I am 
As you get closer I would open a Topic with a Very Specific Subject line then perhaps we can get someone from Kibana to take a look.
OK, thank you!
I think many plugins depend on x-pack security, so it is probably be difficult to allow for a full disabling today.
Yes in general security is become more native / embedded... I think 8.X was a big shift there... as Elastic became secure OOTB...
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.