How to disable authentication in Kibana while still using SSL?

Is it possible to disable the need to log in to Kibana, while still running the instance over HTTPS? We have our own means of authentication that any user trying to access must go through first, so there is no need for us to need to login to Kibana as well. I was looking at disabling x-pack, but that looks like it also disables HTTPS. Any ideas?

Currently we are using Kibana 5.2.2, but are looking into 5.3.


hi @tylermac92 ,

you'll need to set the SSL config:


I have SSL enabled, and xpack is disabled. However, when I try to access Kibana, I'm still being prompted to enter credentials. Any way to disable this? I want users to have access without having to authenticate, but still pass traffic over HTTPS.

Have you disabled security in the elasticsearch/kibana.yml files? false

I have that set in the kibana.yml file. I was hesitant to do so in elasticsearch.yml, because we still want to have elasticsearch run over HTTPS (and we want to have kibana authenticate with elasticsearch, just not require a user to authenticate in their browser).

So it seems you are not really using X-pack as you're turning it of?

If not, you could add a reverse proxy (e.g. nginx) in front of Elasticsearch that adds basic authentication/SSL for Elasticsearch.

You can then configure Kibana to hit that server by setting the elasticsearch.user and elasticsearch.password parameters in the kibana.yml file.

Let me know if I'm missing something, thx

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.