X-pack security fallback realm configuration?

jharrisonpnnl · January 11, 2019, 4:51pm

Hi all,
I'm trying to set up tiered realms in my elasticsearch.yml. I'd think that the following realm config:

xpack.security.authc.realms:
    native1:
	    type: native
        order: 1
    pki1:
	    type: pki
        order: 0

Would give me the ability to preferentially log in with PKI, with a fallback to native auth. As it is, I'm only getting PKI prompts, even when explicitly specifying the elastic user credentials.
Is there a way to tell Elasticsearch that I want to authenticate via PKI OR via native, whichever the client can supply?

jharrisonpnnl · January 11, 2019, 7:56pm

Scratch that - setting
xpack.security.http.ssl.client_authentication: required
instead of
xpack.security.http.ssl.client_authentication: optional

is the cause of the issue.
Once set to optional, I'm able to successfully authenticate with either option

system · February 8, 2019, 7:56pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
PKI authentication for "elastic" user Elasticsearch	2	539	May 27, 2019
Authentication with JWT and FallBack on Basic Elasticsearch	2	420	June 5, 2018
Configure PKI authentication for Elasticsearch 7.7 Elasticsearch elastic-stack-security	13	1058	January 10, 2023
ElasticSearch XPack - PKI Realm authentication defaults to native authentication Elasticsearch elastic-stack-security	4	2350	May 25, 2020
Elasticsearch SSL/TLS PKI realm setup Elasticsearch elastic-stack-security	14	1940	April 6, 2021

X-pack security fallback realm configuration?

Related Topics