Good Evening Everyone,
This past weekend we finally upgraded our cluster from 7.5.2 to 7.17.5. We had a few hiccups along the way, but most have been resolved. We have one outstanding issue we're not finding a solution to. When our cluster was running version 7.5.2, we were able to sign a user in with a token from the Elasticsearch API with the following setup:
We get a token using the following endpoint of the Elasticsearch API: /_security/oauth2/token
The user would be given a link with the following format: https://analytics.mydomain.com/app/kibana/?token=xxxx
This would route a request to an nginx reverse proxy with the following relevant config:

    location / {
        # Copy ?token=... from the query string into a cookie (max-age 1200 seconds).
        if ($arg_token) {
            add_header Set-Cookie "token=$arg_token;max-age=1200;path=/";
        }
        proxy_set_header X-Found-Cluster mycluster;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Forward the cookie value to the cluster as a bearer token.
        proxy_set_header Authorization "Bearer $cookie_token";
        proxy_pass "https://mycluster";
    }

This would sign the user in without entering a username and password and allow them to view their dashboards. Is there something that changed between 7.5.2 & 7.17.5 with this type of authentication? Is this still possible, and if not, what could be a viable replacement? We are using Elasticsearch/Kibana to allow our customer to create dashboards using their data from our web application. We have the accounts linked in the web application to a Kibana user for the Kibana auth. We would be open to upgrading further if needed to restore this functionality, even if it is a different solution.
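
The request flow through the posted `location /` block, modelled in Python as an added example (not part of the original post, and not nginx or Elastic code): it shows which Authorization header the upstream receives on the first request carrying `?token=` and on the next request, once the browser holds the cookie. The token value and all function names are constructed for illustration.

```python
def parse_pairs(text, sep):
    """Split 'a=1<sep>b=2' into a dict, keeping values raw (no URL-decoding)."""
    out = {}
    for part in text.split(sep):
        name, _, value = part.strip().partition("=")
        if name:
            out[name] = value
    return out

def nginx_location(url, cookie_header=""):
    """Model one request through the posted `location /` block.

    Returns (Authorization header sent upstream, Set-Cookie for the browser or None).
    """
    query = url.partition("?")[2]
    arg_token = parse_pairs(query, "&").get("token", "")             # $arg_token
    cookie_token = parse_pairs(cookie_header, ";").get("token", "")  # $cookie_token
    set_cookie = None
    if arg_token not in ("", "0"):  # nginx `if` treats "" and "0" as false
        set_cookie = f"token={arg_token};max-age=1200;path=/"
    # $cookie_token is read from the *request* Cookie header; the Set-Cookie
    # above only reaches the browser with the response to this request.
    return f"Bearer {cookie_token}", set_cookie

def browser_session(urls):
    """Replay URLs in order with a minimal cookie jar; return what upstream saw."""
    jar, seen = {}, []
    for url in urls:
        cookie_header = "; ".join(f"{k}={v}" for k, v in jar.items())
        authorization, set_cookie = nginx_location(url, cookie_header)
        seen.append(authorization)
        if set_cookie:
            # Keep only the name=value pair; attributes are ignored in this model.
            name, _, value = set_cookie.split(";")[0].partition("=")
            jar[name] = value
    return seen

# Constructed sample token; the host and path are the ones from the post.
TOKEN = "CONSTRUCTED_TOKEN"
BASE = "https://analytics.mydomain.com/app/kibana/"

if __name__ == "__main__":
    for auth in browser_session([f"{BASE}?token={TOKEN}", BASE]):
        print(repr(auth))
```

In this model the request that carries `?token=` is proxied with an empty bearer credential, and the token only appears in the Authorization header from the following request onward.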