Skip to content

Allow User/Password realms to disable authc #34033

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 5, 2018
Merged

Allow User/Password realms to disable authc #34033

merged 3 commits into from
Oct 5, 2018

Conversation

@tvernum
Copy link
Contributor

@tvernum tvernum commented Sep 25, 2018
edited
Loading

The "lookupUser" method on a realm facilitates the "run-as" and
"authorization_realms" features.
This commit allows a realm to be used for "lookup only", in which
case the "authenticate" method (and associated token methods) are
disabled.
It does this through the introduction of a new
"authentication.enabled" setting, which defaults to true.

Closes: #33292

@tvernum
Allow User/Password realms to disable authc
fdce33b 
The "lookupUser" method on a realm facilitates the "run-as" and
"authorization_realms" features.
This commit allows a realm to be used for "lookup only", in which
case the "authenticate" method (and associated token methods) are
disabled.
It does this through the introduction of a new
"authentication.enabled" setting, which defaults to true.
@tvernum tvernum added >feature review v7.0.0 :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) v6.5.0 labels Sep 25, 2018
@tvernum tvernum requested review from bizybot and jaymode September 25, 2018 07:29
@elasticmachine
Copy link
Collaborator

elasticmachine commented Sep 25, 2018

Pinging @elastic/es-security

bizybot
bizybot approved these changes Sep 26, 2018
View reviewed changes
Copy link
Contributor

@bizybot bizybot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, Thank you.

jaymode
jaymode approved these changes Sep 26, 2018
View reviewed changes
Copy link
Member

@jaymode jaymode left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tvernum tvernum merged commit 63dbd1d into elastic:master Oct 5, 2018
jasontedor added a commit to jasontedor/elasticsearch that referenced this pull request Oct 5, 2018
@jasontedor
Merge branch 'master' into follow-stats-structure
cdd96aa 
* master:
  Rename CCR stats implementation (elastic#34300)
  Add max_children limit to nested sort (elastic#33587)
  MINOR: Remove Dead Code from Netty4Transport (elastic#34134)
  Rename clsuterformation -> testclusters (elastic#34299)
  [Build] make sure there are no duplicate classes in third party audit (elastic#34213)
  BWC Build: Read CI properties to determine java version (elastic#34295)
  [DOCS] Fix typo and add [float]
  Allow User/Password realms to disable authc (elastic#34033)
  Enable security automaton caching (elastic#34028)
  Preserve thread context during authentication. (elastic#34290)
  [ML] Allow asynchronous job deletion (elastic#34058)
jasontedor added a commit to martijnvg/elasticsearch that referenced this pull request Oct 5, 2018
@jasontedor
Merge branch 'master' into ccr_clear_fetch_errors_empty_fetch_response
69c3484 
* master: (63 commits)
  [Build] randomizedtesting: Allow property values to be closures (elastic#34319)
  Feature/hlrc ml docs cleanup (elastic#34316)
  Docs: DRY up CRUD docs (elastic#34203)
  Minor corrections in geo-queries.asciidoc (elastic#34314)
  [DOCS] Remove beta label from normalizers (elastic#34326)
  Adjust size of BigArrays in circuit breaker test
  Adapt bwc version after backport
  Follow stats structure (elastic#34301)
  Rename CCR stats implementation (elastic#34300)
  Add max_children limit to nested sort (elastic#33587)
  MINOR: Remove Dead Code from Netty4Transport (elastic#34134)
  Rename clsuterformation -> testclusters (elastic#34299)
  [Build] make sure there are no duplicate classes in third party audit (elastic#34213)
  BWC Build: Read CI properties to determine java version (elastic#34295)
  [DOCS] Fix typo and add [float]
  Allow User/Password realms to disable authc (elastic#34033)
  Enable security automaton caching (elastic#34028)
  Preserve thread context during authentication. (elastic#34290)
  [ML] Allow asynchronous job deletion (elastic#34058)
  HLRC: ML Adding get datafeed stats API (elastic#34271)
  ...
tvernum added a commit that referenced this pull request Oct 15, 2018
@tvernum
Allow User/Password realms to disable authc (#34033)
87580cd 
The "lookupUser" method on a realm facilitates the "run-as" and
"authorization_realms" features.
This commit allows a realm to be used for "lookup only", in which
case the "authenticate" method (and associated token methods) are
disabled.
It does this through the introduction of a new
"authentication.enabled" setting, which defaults to true.
kcm pushed a commit that referenced this pull request Oct 30, 2018
@tvernum @kcm
Allow User/Password realms to disable authc (#34033)
95000c8 
The "lookupUser" method on a realm facilitates the "run-as" and
"authorization_realms" features.
This commit allows a realm to be used for "lookup only", in which
case the "authenticate" method (and associated token methods) are
disabled.
It does this through the introduction of a new
"authentication.enabled" setting, which defaults to true.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jaymode jaymode jaymode approved these changes

+1 more reviewer

@bizybot bizybot bizybot approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

>feature :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) v6.5.0 v7.0.0-beta1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@tvernum @elasticmachine @bizybot @jaymode @colings86