# HTTP
# basic (challenging)
# proxy (not challenging, needs xff)
-# kerberos (challenging) NOT FREE FOR COMMERCIAL
+# kerberos (challenging)
# clientcert (not challenging, needs https)
-# jwt (not challenging) NOT FREE FOR COMMERCIAL
+# jwt (not challenging)
# host (not challenging) #DEPRECATED, will be removed in a future version.
# host based authentication is configurable in sg_roles_mapping
# Authc
# internal
# noop
-# ldap NOT FREE FOR COMMERCIAL USE
+# ldap
# Authz
-# ldap NOT FREE FOR COMMERCIAL USE
+# ldap
# noop
searchguard:
# Set filtered_alias_mode to 'nowarn' to allow more than 2 filtered aliases per index silently
#filtered_alias_mode: warn
#kibana:
- # Kibana multitenancy - NOT FREE FOR COMMERCIAL USE
+ # Kibana multitenancy
# see https://github.com/floragunncom/search-guard-docs/blob/master/multitenancy.md
# To make this work you need to install https://github.com/floragunncom/search-guard-module-kibana-multitenancy/wiki
#multitenancy_enabled: true
transport_enabled: false
order: 6
http_authenticator:
- type: kerberos # NOT FREE FOR COMMERCIAL USE
+ type: kerberos
challenge: true
config:
# If true a lot of kerberos/security related debugging output will be logged to standard out
challenge: false
authentication_backend:
# LDAP authentication backend (authenticate users against a LDAP or Active Directory)
- type: ldap # NOT FREE FOR COMMERCIAL USE
+ type: ldap
config:
# enable ldaps
enable_ssl: false
transport_enabled: false
authorization_backend:
# LDAP authorization backend (gather roles from a LDAP or Active Directory, you have to configure the above LDAP authentication backend settings too)
- type: ldap # NOT FREE FOR COMMERCIAL USE
+ type: ldap
config:
# enable ldaps
enable_ssl: false
roles_from_another_ldap:
enabled: false
authorization_backend:
- type: ldap # NOT FREE FOR COMMERCIAL USE
+ type: ldap
#config goes here ...
Code Review / oom.git / commitdiff