Shield 1.3 and 1.2.2 Released
Today we’re excited to announce Shield 1.3 and Shield 1.2.2! Read below for all of the details and then download it here.
Shield 1.2.2 is a bugfix release, please refer to the change list for details on what has been fixed.
Shield 1.3 is the latest feature release and is our first release to introduce a new realm! Shield 1.3 also includes a new output for auditing and several other enhancements. Here are the highlights:
pki realm
The Public Key Infrastructure (PKI) realm is the first new realm to be introduced since Shield was released and is a very important realm. We received a lot of feedback from users who wanted to directly authenticate their application servers without storing user credentials. In many of these cases, the PKI realm can be used in place of storing and passing credentials. The PKI realm uses X.509 certificates for authentication and maps the distinguished name (DN) to a user via the configured role mappings.
index output for auditing
An index based output for auditing has been added. This output allows indexing of audit events into the current cluster or a remote cluster. This means that the audit logs can now be searched and analyzed using elasticsearch out of the box. For more details on configuring the index based auditing, please refer to the documentation.
Here's an example Kibana dashboard based on the audit data:
breaking changes
Shield 1.3 does contain a few breaking changes, though in most cases, upgrading to Shield 1.3 will not require any additional changes.
The first breaking change is that the sha2
and apr1
hashing algorithms have been removed as options for cache.hash_algo
setting. If you are using either of these, please specify one of the other supported hashing algorithms or remove this setting altogether to fall back on the default, ssha256
.
Additionally, the users
file now only supports bcrypt
password hashes. The esusers
tool has always generated bcrypt
hashes, so as long as this tool is used, there will be no issues when upgrading to Shield 1.3.
other changes
Refer to the Shield 1.3 change list for the full list of changes including bug fixes and other enhancements.
upgrading
Please refer to the upgrade section of the Shield documentation.
feedback
We would love to hear any feedback that you may have via the Shield category in our forums.