X-pack security fallback realm configuration?

jharrisonpnnl · January 11, 2019, 4:51pm

Hi all,
I'm trying to set up tiered realms in my elasticsearch.yml. I'd think that the following realm config:

xpack.security.authc.realms:
    native1:
	    type: native
        order: 1
    pki1:
	    type: pki
        order: 0

Would give me the ability to preferentially log in with PKI, with a fallback to native auth. As it is, I'm only getting PKI prompts, even when explicitly specifying the elastic user credentials.
Is there a way to tell Elasticsearch that I want to authenticate via PKI OR via native, whichever the client can supply?

jharrisonpnnl · January 11, 2019, 7:56pm

Scratch that - setting
xpack.security.http.ssl.client_authentication: required
instead of
xpack.security.http.ssl.client_authentication: optional

is the cause of the issue.
Once set to optional, I'm able to successfully authenticate with either option

system · February 8, 2019, 7:56pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.