Hello I have such config.yml
—
_meta:
type: “config”
config_version: 2
config:
dynamic:
do_not_fail_on_forbidden: true
http:
anonymous_auth_enabled: false
xff:
enabled: true
internalProxies: '.*' # regex pattern
remoteIpHeader: 'x-forwarded-for'
authc:
basic_internal_auth_domain:
description: "Authenticate via HTTP Basic against internal users database"
http_enabled: true
transport_enabled: true
order: 1
http_authenticator:
type: basic
challenge: true
authentication_backend:
type: intern
proxy_auth_domain:
description: "Authenticate via proxy"
http_enabled: true
transport_enabled: false
order: 0
http_authenticator:
type: proxy
challenge: false
config:
user_header: "x-proxy-user"
roles_header: "x-proxy-roles"
authentication_backend:
type: noop
I use such command to apply it
./securityadmin.sh -f config.yml -icl -nhnv -cert kirk.pem -cacert root-ca.pem -h -key kirk-key.pem -t config
In ES log I can see it -
[2020-12-10T19:11:00,309][DEBUG][c.a.o.s.c.ConfigurationLoaderSecurity7] [olimp_master] Received config for internalusers (of [INTERNALUSERS]) with current latch value=0
[2020-12-10T19:11:00,546][DEBUG][c.a.o.s.c.ConfigurationLoaderSecurity7] [olimp_master] Received config for internalusers (of [INTERNALUSERS]) with current latch value=0
[2020-12-10T19:11:00,685][DEBUG][c.a.o.s.d.r.a.RestApiPrivilegesEvaluator] [olimp_master] Checking admin access for endpoint CONFIG, path /_opendistro/_security/api/securityconfig and method GET
[2020-12-10T19:11:00,690][DEBUG][c.a.o.s.c.ConfigurationLoaderSecurity7] [olimp_master] Load config with version 2
[2020-12-10T19:11:00,693][DEBUG][c.a.o.s.c.ConfigurationLoaderSecurity7] [olimp_master] Received config for config (of [CONFIG]) with current latch value=0
But in kibana web interface proxy_auth is still disabled:
Need some help