I want to find a simple example of JWT based authentication for Elasticsearch with docker.
I am using the the docker-compose.yml file provided by Elastic here at:
Is there a resource where I can set that up with the minimal settings required, I can use ruby based JWT to create the tokens.
Hello, thanks for reaching out,
I updated the tags since the Elastic Security references the "Elastic Security Solution" questions, this is an Elasticsearch question. I'll forward it to the correct team.
Hi,
First of all JWT authn is not available in version 7.17.
I recommend you go with version 8.12.
Secondly, docker/docker compose configuration is only tangential to (JWT) authn realm configuration (i.e. if you get to a JWT configuration that works for a single node cluster, launched under the env your most familar with, it should efortlessly translate to the docker compose setup).
Here are the docs explaining JWT configuration: JWT authentication | Elasticsearch Guide [8.12] | Elastic
JWT realm configuration is very versatile. You can also take inspiration from integration tests we use on our CI: elasticsearch/x-pack/qa/oidc-op-tests/src/javaRestTest/java/org/elasticsearch/xpack/security/authc/oidc/C2IdOpTestCase.java at fca3fc82beda930e75d147331dce4dbfdc546e61 · elastic/elasticsearch · GitHub
Hi Albert thanks for the tip. I did indeed try with 8.11.4 with a simple elasticsearch instance and without docker. I used the information provided by the documentation but had no success.
I get the following error when starting up elasticsearch:
fatal exception while booting Elasticsearchjava.lang.IllegalStateException: security initialization failed
at org.elasticsearch.security@8.11.4/org.elasticsearch.xpack.security.Security.createComponents(Security.java:656)
at org.elasticsearch.server@8.11.4/org.elasticsearch.node.Node.lambda$new$17(Node.java:759)
at org.elasticsearch.server@8.11.4/org.elasticsearch.plugins.PluginsService.lambda$flatMap$1(PluginsService.java:263)
at java.base/java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:273)
at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
Im sure im missing something, thats why I was looking for a resource where I could following a step by step guide to add JWT to elasticsearch
Hi Lasra,
The snipped doesn't contain enough information to help with diagnosing.
Can you paste the full stack trace? In any case, the immediate problem doesn't look JWT-related (given the truncated stack trace you've shared).
Hi Albert, thanks for the help but turns out that the endpoint to use JWT authentication with DLS for Connectors was supposed to be the enterprisesearch endpoint and not the elasticsearch endpoint.
I assumed since API key authentication with DLS for connectors works with elasticsearch, it was supposed to be the same for JWT. My problem is now solved.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.