Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to perform token authentication in elasticsearch?

Tags:

authentication

curl

elasticsearch

I'm testing Elasticsearch in development mode with docker official image.

The basic install is based on X_pack and basic authentication.

Everything works fine by performing curl like:

curl -XPUT -u elastic:elasticpassword "http://localhost:9200/movies/movie/1" -d'
{
  "title": "The Godfather",
  "director": "Francis Ford Coppola",
  "year": 1972, "user":"elastic", "password":"changeme"
}'

But is there a way to perform a token request (with user and password) and then query Elasticsearch with the token. Instead of having to specify user/password every time I perform a query?

like image 365
Nicortn Avatar asked Aug 06 '17 09:08

Nicortn

People also ask

How do I add basic authentication to Elasticsearch?

If you are running ELK stack with a basic or trial License, the basic security is disabled by default. Thus, to enable basic security feature in Elasticsearch, set the value of xpack. security. enabled to true in Elasticsearch configuration file, ES_PATH_CONF/elasticsearch.

What is token-based authentication in Elasticsearch?

The token-based authentication services are used for authenticating and managing tokens. You can attach these tokens to requests that are sent to Elasticsearch and use them as credentials. When Elasticsearch receives a request that must be authenticated, it consults the token-based authentication services first, and then the realm chain.

Why do we need to authenticate a user in Elasticsearch?

Authentication is allowed because the client certificate that we sent to the cluster was signed by the same CA as the http TLS/SSL certificates used by the Elasticsearch nodes. Now that we are authenticated, we need to authorize this user to be able to do something.

How to test communication between Elasticsearch and the ElasticSearch server?

Start the ElasticSearch service. Test your communication with the ElasticSearch server. Here is the command output. The ElasticSearch server is requiring user authentication. Set the password for the ElasticSearch internal accounts. Here is the command output. Test your communication with the ElasticSearch server using the ELASTIC user account.

What is JWT authentication in Elasticsearch?

Authentication support for JWT bearer tokens was introduced in Elasticsearch 8.2 through the JWT realm, which cannot be enabled through token-authentication services. Realms offer flexible order and configurations of zero, one, or multiple JWT realms.

2 Answers

The default X_Pack in docker image has Basic authentication enabled. Which is what your are using. The token for the same is base64(user:password). You can generate the same using http://base64encode.org and inputing :.

In curl there are two ways to call Basic auth URLs

curl -XPUT -u elastic:elasticpassword "http://localhost:9200/movies/movie/1" -d''

which you have already been using 

curl -H "Authorization: Basic ZWxhc3RpYzpjaGFuZ2VtZQ==" -XPUT "http://localhost:9200/movies/movie/1" -d'....'

Now if your problem is putting in this again and again then you better create a alias in your bash profile like below

alias curles='curl  -u elastic:elasticpassword'

After that you can call your commands as below

curles -XPUT "http://localhost:9200/movies/movie/1" -d''
like image 122
Tarun Lalwani Avatar answered Sep 28 '22 05:09

Tarun Lalwani

Cutting out a lot of my original answer because you could argue it's all local, but leaving one major complaint about security here:

  1. Definitely don't go to base64encode.org and enter your username:password. The very fact that it is suggested here on StackOverflow makes that site now (sadly for the owners) and incredibly juicy hacking target to compromise since they know people are going there.
like image 31
Dan Ehrlich Avatar answered Sep 28 '22 03:09

Dan Ehrlich
Sign in to Comment

Related questions

What status code should a REST API return for login requests performed with wrong credentials?
Interactive command prompt as NETWORK SERVICE
How to handle OAuth URL callbacks with Intent filters if authentication is done with webview?
How to pass Windows Authentication credential from client to Web API service
SVN authentication cancelled [closed]
User Auth in EventSourcing applications
Spring Boot keycloak and basic authentication together in the same project
Securely creating and destroying login sessions in PHP
Make an HTTP POST authentication basic request using Javascript
Firebase and new Google Sign-In on Android
Hadoop IOException failure to login
Windows Identity Foundation sample MVC application
Python 3 - urllib, HTTP Error 407: Proxy Authentication Required
ASP .NET Core Identity default authentication vs JWT authentication
rspec controller test with devise authentication
Authenticate by IP address in Django
How do I get current_user in ActionCable rails-5-api app?
Using authentication token in azure sdk fluent
SuppressDefaultHostAuthentication in WebApi.Owin also suppressing authentication outside webapi
What is OAuth and how does it secure REST API calls? [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!