X-pack security fallback realm configuration?


(Jharrisonpnnl) #1

Hi all,
I'm trying to set up tiered realms in my elasticsearch.yml. I'd think that the following realm config:

	    type: native
        order: 1
	    type: pki
        order: 0

Would give me the ability to preferentially log in with PKI, with a fallback to native auth. As it is, I'm only getting PKI prompts, even when explicitly specifying the elastic user credentials.
Is there a way to tell Elasticsearch that I want to authenticate via PKI OR via native, whichever the client can supply?

(Jharrisonpnnl) #2

Scratch that - setting
xpack.security.http.ssl.client_authentication: required
instead of
xpack.security.http.ssl.client_authentication: optional

is the cause of the issue.
Once set to optional, I'm able to successfully authenticate with either option

(system) closed #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.