Is it possible to utilise any sort of authentication with an external map tile server?
The end goal is simply:
- Kibana, with a custom tile server
- The tile server to be protected in some fashion
I have evaluated multiple auth methods. My current thoughts are:
- Basic auth over HTTPS (presuming the browser will prompt once, and then either never prompt until failure or not prompt for remainder of session)
- Using mTLS/client auth on tile server (combined with some sort of setting/policy to prevent browser prompt for client certificate selection)
As far as I can tell, Kibana's proxy-map-server feature only works with the Elastic Maps Service (and maybe self-hostable Elastic Maps Server).
Are the other options? Have I missed anything obvious?
I have found this post (#51344 Use external tile servers that require authentication) which is half of it, but suggests it can't be done with any actual Kibana-related features.
Note - the GitHub issue linked above is closed with the following, but I would disagree with it as it means your tile server serving your custom maps would need to be exposed!
For general purpose web-apps like Kibana, it's reasonable to expect that the tile-servers are not behind an authentication layer.