Hi,
Is the PKI realm supported for clusters in ECE? I had a look through the documentation but didn't see any mention, just wanted to double check that I haven't missed something.
Thanks,
Aaron
Hi,
Is the PKI realm supported for clusters in ECE? I had a look through the documentation but didn't see any mention, just wanted to double check that I haven't missed something.
Thanks,
Aaron
The biggest limitation is that normally these types of auth require access to files (eg in the PKI case I believe you will normally want a custom trust store and optionally a roles mapping file - though it seems like you can also set the role mapping via the xpack API)
1.0 is somewhat limited in its handling of custom files - you cannot configure the docker containers to view external files and the only way of importing files is via the user bundles in the ECE API (or via the equivalent field in the advanced config page, also under "elasticsearch"
) - this lets you specify a URL (which has to be "publicly available") of a zip file that is then expanded and its children under the sub-directory dictionaries
are copied into /app/config
in the container
Note we haven't tested this configuration internally, though we have demonstrated LDAP integration working (requires a similar use of bundles as described above), and also token based authentication (which just requires a change to the cluster settings)
Alex
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.