PKI Realm


(Aaron) #1

Hi,

Is the PKI realm supported for clusters in ECE? I had a look through the documentation but didn't see any mention, just wanted to double check that I haven't missed something.

Thanks,

Aaron


(Alex Piggott) #2

@adesouza

The biggest limitation is that normally these types of auth require access to files (e.g. in the PKI case I believe you will normally want a custom trust store and optionally a roles mapping file, though it seems like you can also set the role mapping via the xpack API).

1.0 is somewhat limited in its handling of custom files: you cannot configure the Docker containers to view external files, and the only way of importing files is via the user bundles in the ECE API (or via the equivalent field in the advanced config page, also under "elasticsearch"). This lets you specify a URL (which has to be "publicly available") of a zip file that is then expanded, and its children under the sub-directory dictionaries are copied into /app/config in the container.

Note we haven't tested this configuration internally, though we have demonstrated LDAP integration working (requires a similar use of bundles as described above), and also token-based authentication (which just requires a change to the cluster settings).

Alex
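
The bundle layout described in the reply above, as an added example that is not part of the original post and is not ECE's own code: it builds a zip with everything under dictionaries/ and audits it before it is put at a public URL. The function names, the sample file names and contents, and the assumption that sub-paths under dictionaries/ are preserved when copied to /app/config are all hypothetical.

```python
import io
import posixpath
import zipfile

BUNDLE_ROOT = "dictionaries/"    # sub-directory named in the post
CONTAINER_DIR = "/app/config"    # copy destination named in the post
KEY_MARKER = b"PRIVATE KEY-----" # fragment of any PEM private-key header

# Constructed sample input: placeholder truststore bytes and a made-up DN.
SAMPLE_FILES = {
    "truststore.jks": b"constructed placeholder, not a real keystore",
    "role_mapping.yml": b'monitoring:\n  - "cn=example-user,ou=constructed,dc=example,dc=com"\n',
}


def build_bundle(files):
    """Zip {relative_name: bytes} under dictionaries/ and return the archive bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(BUNDLE_ROOT + name, data)
    return buf.getvalue()


def audit_bundle(zip_bytes):
    """Return (placements, problems) for a bundle before it is published.

    placements maps each archive entry to the container path it would get
    (assumed behaviour); problems lists entries that would be skipped, that
    escape the target directory, or that expose key material publicly.
    """
    placements, problems = {}, []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            if info.is_dir():
                continue
            if not name.startswith(BUNDLE_ROOT):
                problems.append(f"{name}: outside {BUNDLE_ROOT}, would not be copied")
                continue
            rel = posixpath.normpath(name[len(BUNDLE_ROOT):])
            if rel == ".." or rel.startswith("../") or posixpath.isabs(rel):
                problems.append(f"{name}: path escapes {CONTAINER_DIR}")
                continue
            if KEY_MARKER in zf.read(info):
                problems.append(f"{name}: PEM private key in a publicly fetched bundle")
            placements[name] = posixpath.join(CONTAINER_DIR, rel)
    return placements, problems
```

Because the bundle URL has to be publicly reachable, a truststore holding only CA certificates is appropriate content; anything flagged by the private-key check should be kept out of the archive.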

