Is it possible to seperate authentication from authorization in elasticsearch?


my company want to use a custom java authentication filter but still interested in role based access of Elasticsearch is it possible or they should both be customized?

Thanks in advance.

The short answer is yes. Besides providing your own authentication mechanism, depending on the implementation, you will likely need creating custom role mappings. If I understand correctly, the builtin support for LDAP, SAML etc are examples for what you need? i.e. the authentication mechanism is provided by external services and interfacing code in elasticsearch, while the role based access is leveraged by mapping attributes from authentication response to internal role names.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.