Siren Platform User Guide

Verification

After sg_config.yml has been loaded you can verify if the authentication is working by mapping a username in the Active Directory / Kerberos domain to a Search Guard role mapping, for example:

sirenuser:
  users:
    - sirenuser
    - domainuser

After the mapping is loaded to the cluster, logon to a machine in the domain with the domain user and open the cluster URL in a Kerberos enabled browser (for example Chrome on Windows).

If everything is set up correctly you should see the default JSON response of Elasticsearch in the browser without having to enter credentials, for example:

{
  "name" : "Node",
  "cluster_name" : "cluster",
  "cluster_uuid" : "nimUDAyBQWSskuHoAQG06A",
  "version" : {
    "number" : "5.4.0",
    "build_hash" : "fcbb46dfd45562a9cf00c604b30849a6dec6b017",
    "build_timestamp" : "2017-01-03T11:33:16Z",
    "build_snapshot" : false,
    "lucene_version" : "5.5.2"
  },
  "tagline" : "You Know, for Search"
}

If you are getting an authentication popup, ensure that the Elasticsearch cluster URL is in a trusted zone.

To add a site to the trusted zone on Windows:

  1. Open Internet Explorer and click Internet options.

  2. Click the Security tab.

  3. Click Local Intranet.

  4. Click Sites.

  5. Click Advanced.

  6. Add the URL of the cluster to the list (the port can be omitted).

After the cluster is in the trusted zone, try to open the cluster URL again.

Internet Explorer options are also used by Chrome on Windows.

Search results

    No results found