Using OIDC authenticated browser session to query Elasticsearch API

Hi There,

We are currently successfully using an OIDC setup with Keycloak to integrate Kibana dashboards into our customer portal. We use Elastic Cloud as backend and host the Kibana instances ourselves. Both running 7.5.1.

OIDC config:

xpack:
  security:
    authc:
      realms:
        oidc:
          customer: 
            order: 2
            rp.client_id: "kibana" 
            rp.response_type: "code"
            rp.redirect_uri: "https://kibana.***********.com/api/security/v1/oidc" 
            rp.post_logout_redirect_uri: "https://kibana.***********.com/logout"
            op.issuer: "https://keycloak.***********.com/auth/realms/customer" 
            op.authorization_endpoint: "https://keycloak***********.com/auth/realms/customer/protocol/openid-connect/auth" 
            op.token_endpoint: "https://keycloak.***********.com/auth/realms/customer/protocol/openid-connect/token" 
            op.userinfo_endpoint: "https://keycloak.***********.com/auth/realms/customer/protocol/openid-connect/userinfo" 
            op.jwkset_path: "https://keycloak.***********.com/auth/realms/customer/protocol/openid-connect/certs" 
            claims.principal: sub
            claims.name: preferred_username
            claims.mail: email
            claims.groups: groups

Plans are to add some D3 graphs to our portal that need direct access to the Elasticsearch API with the logged-on credentials.

My dev guys have not been able to create a successful setup. The article on your website (https://www.elastic.co/guide/en/elasticsearch/reference/current/oidc-without-kibana.html) didn't really help.

Questions:

  • is what we are trying to achieve possible?
  • do you have any working examples that we could use as a reference?

Thanks,
Dennis
