You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Today there are HTTPAuthenticator.java and AuthenticationBackend.java which are extensible through the security plugin for OpenSearch. There are existing implementations for internal user storage, kerberos, saml, ldap, and jwt exchange, The dependency on the Security plugin interfaces does not seem like the correct long term solution for extensions that want to provide authentication.
As many customers have existing Identity Providers (IdP) they can leverage how should we support these with extensions. Alternatively, should these be supported in another way perhaps built into OpenSearch?
The text was updated successfully, but these errors were encountered:
Broadly speaking, I see four main identity/authentication use cases:
Key pair / certificate-based
UserId/password based
Federated identity / single sign-on
Anonymous / public access
The existing features in the Security plugin address 1 and 2 (and 4, sort-of). It seems reasonable to continue to offer this capability in the future, although the decision should be made whether to use a plugin or build that capability into core.
Case 3 would probably require an individual extension for each federation method (or at least a standards-based common ground) and would probably be a good longer-term goal.
Today there are HTTPAuthenticator.java and AuthenticationBackend.java which are extensible through the security plugin for OpenSearch. There are existing implementations for internal user storage, kerberos, saml, ldap, and jwt exchange, The dependency on the Security plugin interfaces does not seem like the correct long term solution for extensions that want to provide authentication.
As many customers have existing Identity Providers (IdP) they can leverage how should we support these with extensions. Alternatively, should these be supported in another way perhaps built into OpenSearch?
The text was updated successfully, but these errors were encountered: