Can I implement OIDC integration via Keycloak with the Elasticsearch basic license or do I need enterprise?
Thank you @stephenb
Hello @stephenb ,
is there a realease ( the 8.X series) that is not requiring a license to integrate keycloak with elasticsearch?
No, this has always been a commercial feature that require a commercial license.
2 Likes
@Christian_Dahlqvist @stephenb
is there a solution to integrate keycloak to authenticate to elasticsearch managed by eck operator , what about using a reverse proxy ? maybe kong or nginx. i did it with kong but i usually get the login page of kibana .
what solution you find to bypass this issue @trwillis
With the basic license you can only use the native authentication realm, it is not possible to integrate with Keycloak.
If you want to try to use a reverse proxy in front of Kibana is up to you, but this is not docummented nor supported as it is a third-party tool.
@leandrojmp , thanks for your response .
I used the third party rproxy , but i already see the login page of kibana , the process of getting token from keycloak and validation by kong is working well , but i still seeing the login page of kibana.
If you have set up Elasticsearch and Kibana with standard security you will need to log in and provide a password. Not sure separate authentication in a proxy can override that as there might not be a way for the proxy to provide the appropriate credentials to Kibana and avoid the login screen. You could off course set up Elasticsearch without internal security and rely on the proxy, which would remove the login screen, but then you can not restrict what users can do.
As Leandro mentioned this is not a supported setup, so I am not sure it is even possible.