How to setup Kibana SSO (through OAuth)?

Question

My company tries very hard to keep a SSO for all third party services. I'd like to make Kibana work with our Google Apps accounts. Is that possible? How?

Answer 1

From Elasticsearch, Kibana 5.0, shield plugin (security plugin) is embedded in x-pack (paid service). So from Kibana 5.0 you can :

• use X-Pack
• use Search Guard

Both these plugin can be used with basic authentication, so you can apply an Oauth2 proxy like this one. One additionnal proxy would forward the request with the right Authorization header with the digest base64(username:password)

The procedure is depicted in this article for x-pack. So you will have :

I've setup a docker-compose configuration in this repo for using either searchguard or x-pack with Kibana/Elasticsearch 6.1.1 :

• docker-compose for searchguard
• docker-compose for x-pack