Enabling Anonymous Access
Added in 1.1.0.
The authentication process can be split into two phases: token extraction and user authentication. During the first phase (token extraction), the configured realms are asked to extract or resolve an authentication token from the incoming request. The first realm that finds an authentication token in the request "wins": the token it found is used for authentication in the second phase (user authentication), where each realm that supports this authentication token type tries to authenticate the user.
If no authentication token is resolved by any of the active realms, the incoming request is considered to be anonymous.
By default, anonymous requests are rejected and an authentication error is returned (status code 401). It is possible to change this behaviour and instruct Shield to associate a default/anonymous user with the anonymous request. This can be done by configuring the following settings in the elasticsearch.yml file:
The username/principal of the anonymous user. This setting is optional and will be set to
The roles that will be associated with the anonymous user. This setting is mandatory - without it, anonymous access will be disabled (i.e. anonymous requests will be rejected and return an authentication error)
When
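The two-phase flow and the anonymous fallback described above, as an added Python model that is not Shield's own code. The `Realm` class, the `handle` function, the dict-based request format, the `"anonymous"` placeholder username and the sample realms are all assumptions made for illustration.

```python
import hmac
from collections import namedtuple

Token = namedtuple("Token", "kind principal secret")

class Realm:
    """Toy realm: resolves one token type and checks it against its own users."""
    def __init__(self, name, kind, users):
        self.name, self.kind, self.users = name, kind, users  # users: principal -> (secret, roles)

    def extract(self, request):
        raw = request.get(self.kind)   # request is a dict: token type -> "principal:secret"
        if not raw or ":" not in raw:
            return None
        return Token(self.kind, *raw.split(":", 1))

    def authenticate(self, token):
        if token.kind != self.kind:    # this realm does not support the token type
            return None
        secret, roles = self.users.get(token.principal, ("", None))
        ok = hmac.compare_digest(secret.encode(), token.secret.encode())
        return roles if ok and roles is not None else None

def handle(request, realms, anonymous_roles=(), anonymous_username="anonymous"):
    """Return (status, principal, roles) for one request."""
    # Phase 1, token extraction: the first realm that finds a token wins.
    token = next((t for t in (r.extract(request) for r in realms) if t), None)
    if token is None:
        # No realm resolved a token, so the request is anonymous.
        if not anonymous_roles:        # no roles configured: anonymous access is disabled
            return 401, None, ()
        return 200, anonymous_username, tuple(anonymous_roles)
    # Phase 2, user authentication: each realm supporting the token type tries in turn.
    for realm in realms:
        roles = realm.authenticate(token)
        if roles is not None:
            return 200, token.principal, tuple(roles)
    # A token was presented and rejected: this is not an anonymous request.
    return 401, None, ()

# Constructed sample realms (hypothetical users and roles, not real Shield data).
REALMS = [
    Realm("file", "basic", {"ops": ("pw1", ("admin",))}),
    Realm("native", "basic", {"alice": ("pw2", ("reader",))}),
]
```

Only a request with no resolvable token receives the anonymous roles; a request carrying rejected credentials still gets 401, so the roles granted to the anonymous user define what any unauthenticated caller can do.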