Multiple services are pushing documents to our Elasticsearch, and it's validated via JWT authentication.
As per my understanding, authentication is happening based on the order updated in the config.yml (/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/config.yml).
When we tried to onboard a new service with order: 7, requests started failing with a 401 error. Hence, for testing purposes, we used the JWT type with order: 6, and it succeeds.
Do we have any limitation from opendistro related to the authentication order that it will support?
Example:
Working configuration:
```yaml
jwt_auth_domain6:
  http_enabled: true
  transport_enabled: false
  order: 6
  http_authenticator:
    type: jwt
    challenge: false
    config:
      signing_key: |-
        -----BEGIN PUBLIC KEY-----
        KEY
        -----END PUBLIC KEY-----
      jwt_header: "Authorization"
      jwt_url_parameter: null
      roles_key: "roles"
      subject_key: "sub"
  authentication_backend:
    type: noop
```
Not working configuration:
```yaml
jwt_auth_domain7:
  http_enabled: true
  transport_enabled: false
  order: 7
  http_authenticator:
    type: jwt
    challenge: false
    config:
      signing_key: |-
        -----BEGIN PUBLIC KEY-----
        KEY
        -----END PUBLIC KEY-----
      jwt_header: "Authorization"
      jwt_url_parameter: null
      roles_key: "roles"
      subject_key: "sub"
  authentication_backend:
    type: noop
```
Note:
We have already used up to order: 6 for other services.