Here’s our use case:
Developers authenticate through all web and api applications using personal p12 cerificates mapped to their user accounts backed by LDAP. No passwords are used throughout the development process, only these certificates.
Commonly, developers import their p12 keys into their browser of choice (Chrome, Firefox, etc), and provide that upon visiting a web resource (Such as elasticsearch and kibana). The resource automatically authenticates them and maps their active user to the key backed by LDAP, everything is entirely seamless and without password provided logins.
My question:
Is this supported in opendistro? We’re looking to replace custom code / x-pack to be able to do this. We’d like to see this supported in both elasticsearch and kibana, as we use this method of authentication for both applications.
If this is possible, does anyone know the general process of getting this set up? The important part is that these keys are backed by LDAP, role mapping can be auto-populated later as that isn’t as important and I know it’s possible to modify this through the api.