How to pass token (any type) to the ES(xpack) instead of userNamePassword?


I've worked by xpack security and its custom realms with its basic definitions as well as run-as feature.
But what I am looking for now, is passing on the token (like SAML) to the ES and then parse that token to authenticate the request.

How can I pass this token to the ES and have access to it in my custom realm? Can I have my own custom headers in the request which hands this token?

Thanks in advance

There's a couple of different ways to interpret your question, and I'm not sure which one you're looking for.

Can you clarify which of these you mean (or something else entirely)

  • How to pass custom headers from Kibana to Elasticsearch
  • How to read customer headers within the Java code of an Elasticsearch custom realm

In this case, Kibana doesn't play any role then I don't want to pass on something throw Kibana.

Just think I'm calling the ES directly with curl or my application. My question is this could I send the token (let's say SAML) by header and get access to that in the custom realm code and use that for Authentication and maybe use to discover the roles.


In which case, that's fine.

You implement getRestHeaders in your extension class, and list the headers that you want to use in your realm (example).

Then in your realm, in the token method, you can get access to that header through the ThreadContext (example).

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.