PKI authentication for "elastic" user

tiuser4567 · April 29, 2019, 4:09pm

Hello,

We are trying to authenticate using PKI with elastic with native realm as the authorization realm.

xpack.security.authc:
realms:
native:
type: native
order: 0
pki:
type: pki
order: 1
authorization_realms: native

The setup is working with the users we created in the native realm (via /_xpack/security/user).

However we are unable to login using the default elastic user with PKI.
Error in the elastic server is
"Authentication to realm pki failed - the principal [elastic] was authenticated, but no user could be found in realms [native/native]"

I'm not sure if it is not considered to be in the native realm even though the elastic superuser is accessible in /_xpack/security/user/elastic?
If not native realm, what realm is the elastic user in? and can it be used in the authorization_realms?

Thanks

tiuser4567 · April 29, 2019, 4:11pm

Sorry, found the answer, it is using the "reserved" realm.

Didn't find "reserved" realm in the documentation "https://www.elastic.co/guide/en/elastic-stack-overview/7.0/setting-up-authentication.html"

but only through another post Authentication of [elastic] was terminated by realm [reserved]

system · May 27, 2019, 4:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.