Unauthenticated routes in security plugin

mibra · May 7, 2021, 6:57am

Hello everyone,

Any idea on how to configure OD security plugin’s unauthenticated routes? My goal is to add a reset password page. I added a new plugin and cofigure it like so:

uiExports: {
      hacks: [
        'plugins/login_plugin/hack'
      ],
      apps: [
        {
          id: 'reset-password',
          title: 'Reset password',
          auth: false,
          hidden: true,
          main: 'plugins/login_plugin/reset-password'
        }
      ],
      styleSheetPaths: [resolve(__dirname, 'public/index.scss'), resolve(__dirname, 'public/index.css')].find(p => existsSync(p))
    },

But If not logged in, reset-password page can’t be accessed and it redirects back to login page.

I also tried in kibana.yml
opendistro_security.auth.unauthenticated_routes: ["/reset-password"]
but it still asks for username and password to access the page. Need some help, pls.
I’m using OP security plugin version 7.x.x with kibana 7.3.2.

jakrol · October 6, 2021, 2:51pm

Hallo mibra,

did you ever get opendistro_security.auth.unauthenticated_routes to work? I also try to exclude some urls from authentication if it seems as if opendistro_security.auth.unauthenticated_routes is just ignored.

jakrol · October 7, 2021, 12:18pm

Nevermind, I found my mistake: URL listed in opendistro_security.auth.unauthenticated_routes must start with ‘/’.

Topic		Replies	Views
Kibana doesn't redicrt to login-page Security	4	717	February 17, 2021
Оpendistro-security with ELK (basic license) Open Source Elasticsearch and Kibana	2	1048	March 26, 2021
How to disable the login page of opendistro kibana 7.10.2 version in Windows Security	4	834	August 23, 2021
OpenDistro Kibana Login Allowing any login Security	9	5554	May 27, 2020
Skip login page for anonymous Kibana access Security	2	1143	August 23, 2021

Unauthenticated routes in security plugin

Related Topics