'How to secure Elasticsearch's REST API via OAuth2 tokens?
In our company, we have an Elasticsearch cluster (ES) and another product (I'll call it DataProvider) that puts data into that cluster. These puts are made by calling the ES's REST API.
Until now, the authentication is done via BasicAuth. I.e. the DataProvider puts a special HTTP header into each request, and the ES somehow validates the provided credentials against a user directory.
Now we'd like to switch the authentication from BasicAuth to OAuth tokens. I.e. we have an identity provider (a keycloak server), and the DataProvider can obtain OAuth2 tokens from it (using the "client credentials" protocol). It can then put the token into the requests sent to ES.
But then we'd have to somehow configure ES so that it validates tokens against the same identity provider.
I searched but could not find any docs or tutorials about it. I now even think that this is not supported by ES and that one has to install some kind of authenticating proxy for that.
Am I right? I'd be glad if someone would prove me wrong and give a docs reference or a short description of how it can be done.
elasticsearchSources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|