X-pack security fallback realm configuration?

jharrisonpnnl · January 11, 2019, 4:51pm

Hi all,
I'm trying to set up tiered realms in my elasticsearch.yml. I'd think that the following realm config:

xpack.security.authc.realms:
    native1:
	    type: native
        order: 1
    pki1:
	    type: pki
        order: 0

Would give me the ability to preferentially log in with PKI, with a fallback to native auth. As it is, I'm only getting PKI prompts, even when explicitly specifying the elastic user credentials.
Is there a way to tell Elasticsearch that I want to authenticate via PKI OR via native, whichever the client can supply?

jharrisonpnnl · January 11, 2019, 7:56pm

Scratch that - setting
xpack.security.http.ssl.client_authentication: required
instead of
xpack.security.http.ssl.client_authentication: optional

is the cause of the issue.
Once set to optional, I'm able to successfully authenticate with either option

system · February 8, 2019, 7:56pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Can't configure PKI authentication Elasticsearch	15	2908	July 6, 2017
PKI authentication for "elastic" user Elasticsearch	2	540	May 27, 2019
Authentication with JWT and FallBack on Basic Elasticsearch	2	420	June 5, 2018
Configure PKI authentication for Elasticsearch 7.7 Elasticsearch elastic-stack-security	13	1063	January 10, 2023
ElasticSearch XPack - PKI Realm authentication defaults to native authentication Elasticsearch elastic-stack-security	4	2356	May 25, 2020

X-pack security fallback realm configuration?

Related topics