Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow xpack.security.authc.token.enabled: false with tls disabled #81817

Closed
coolbry95 opened this issue Dec 16, 2021 · 3 comments
Closed

Allow xpack.security.authc.token.enabled: false with tls disabled #81817

coolbry95 opened this issue Dec 16, 2021 · 3 comments
Labels
>enhancement :Security/Security Security issues without another label

Comments

@coolbry95
Copy link

I am trying to use Istio with eck/elk. The issue I am having is that I cannot disable https for elk because it gives an exception.

Likely root cause: java.lang.IllegalStateException: OpenID Connect Realm requires that the token service be enabled (xpack.security.authc.token.enabled)

This exception is raised when I turn the xpack.security.authc.token.enabled setting to true.
bootstrap check failure [1] of [1]: HTTPS is required in order to use the API key service; please enable HTTPS using the [xpack.security.http.ssl.enabled] setting or disable the API key service using the [xpack.security.authc.api_key.enabled] setting

Here are the two related issue/PR.
elastic/cloud-on-k8s#3213
#76801

I am not quite sure what the OIDC realm matters. Is elastic using OIDC internally for its tokens? I am using OIDC for SSO but the ssl is terminated by the Istio gateway for the callback from the OIDC provider.

Is it possible to turn off https and let Istio handle that part?
@coolbry95 coolbry95 added >enhancement needs:triage Requires assignment of a team area label labels Dec 16, 2021
@gwbrown gwbrown added the :Security/Security Security issues without another label label Dec 16, 2021
@elasticmachine elasticmachine added the Team:Security Meta label for security team label Dec 16, 2021
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)

@gwbrown gwbrown removed Team:Security Meta label for security team needs:triage Requires assignment of a team area label labels Dec 16, 2021
@knechtionscoding
Copy link

This is still relevant for others.

@ywangd ywangd mentioned this issue Jul 20, 2022
Open
@ywangd
Copy link
Member

ywangd commented Jul 20, 2022

Close this to in favour of #88541

@ywangd ywangd closed this as completed Jul 20, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
>enhancement :Security/Security Security issues without another label
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@gwbrown @ywangd @knechtionscoding @coolbry95 @elasticmachine