X-pack security fallback realm configuration?

Hi all,
I'm trying to set up tiered realms in my elasticsearch.yml. I'd think that the following realm config:

xpack.security.authc.realms:
    native1:
	    type: native
        order: 1
    pki1:
	    type: pki
        order: 0

Would give me the ability to preferentially log in with PKI, with a fallback to native auth. As it is, I'm only getting PKI prompts, even when explicitly specifying the elastic user credentials.
Is there a way to tell Elasticsearch that I want to authenticate via PKI OR via native, whichever the client can supply?

Scratch that - setting
xpack.security.http.ssl.client_authentication: required
instead of
xpack.security.http.ssl.client_authentication: optional

is the cause of the issue.
Once set to optional, I'm able to successfully authenticate with either option

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.