Hi.
I’ve set up my config.yml to the following, as described in the docs to handle this scenario:
authc:
basic_internal_auth_domain:
description: "Authenticate via HTTP Basic against internal users database"
http_enabled: true
transport_enabled: true
order: 0
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: internal
saml_auth_domain:
http_enabled: true
transport_enabled: false
order: 1
http_authenticator:
type: saml
challenge: true
config:
idp:
entity_id: {{idp_entity_id}}
metadata_file: saml_metadata.xml
sp:
entity_id: opendistro-saml
kibana_url: {{kibana_url}}
roles_key: {{role_key}}
exchange_key: '{{some_key}}'
authentication_backend:
type: noop
This config pushes with no errors while running securityadmin.sh
However, while this allows SAML authentication for Kibana (after updating kibana.yml), it seems to break the Basic authentication. When I go to :9200 via a web browser, I get an immediate 401 error with no prompt to authenticate, and API requests will also throw a 401 after supplying the correct credentials.
I’m at my wit’s end, as I’ve looked at the sample config in the docs and compared it with mine and I’m not seeing any difference. It’s likely that it’s something small that I’m not seeing or forgot to do…
Any help would be greatly appreciated!