I have created a custom realm for X-Pack which uses spring-security-oauth2 based web application for authentication and authorization. This realm is working perfectly with elasticsearch i.e. user is only to able to do only specific things he can do . However I want to access Kibana via such a user in similar way to elasticsearch i.e. my request to Kibana at http://localhost:5601/app/kibana with headers that I use in custom realm (User and Authorization) should be authenticated as user has proper access token.
The necessary configuration in ES is shown below :
xpack.security: authc: realms: springsecurity: type: springsecurity order: 0
Also in kibana.yml, I have added necessary configuration for the passage of headers from Kibana to Elasticsearch as shown below
elasticsearch.requestHeadersWhitelist : ["User", "Authorization"]
xpack.monitoring.elasticsearch.requestHeadersWhitelist : ["User", "Authorization"]
However this is not working and I am redirected to the Kibana login page again.
Is there something I am missing here ?