honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
OpenSearch/client/rest-high-level
History
Yogesh Gaikwad 2f173402ec
Add kerberos grant_type to get token in exchange for Kerberos ticket (#42847) (#43355) 
Kibana wants to create access_token/refresh_token pair using Token
management APIs in exchange for kerberos tickets. `client_credentials`
grant_type requires every user to have `cluster:admin/xpack/security/token/create`
cluster privilege.

This commit introduces `_kerberos` grant_type for generating `access_token`
and `refresh_token` in exchange for a valid base64 encoded kerberos ticket.
In addition, `kibana_user` role now has cluster privilege to create tokens.
This allows Kibana to create access_token/refresh_token pair in exchange for
kerberos tickets.

Note:
The lifetime from the kerberos ticket is not used in ES and so even after it expires
the access_token/refresh_token pair will be valid. Care must be taken to invalidate
such tokens using token management APIs if required.

Closes #41943
 		2019-06-19 18:26:52 +10:00
..
src Add kerberos grant_type to get token in exchange for Kerberos ticket (#42847) (#43355) 2019-06-19 18:26:52 +10:00
build.gradle [Backport] Remove dependency substitutions 7.x (#42866) 2019-06-04 13:50:23 -07:00
testnode.crt HLRC: Get SSL Certificates API (#34135) 2018-10-15 17:20:34 +01:00
testnode.jks HLRC: Get SSL Certificates API (#34135) 2018-10-15 17:20:34 +01:00