Oct 16 – 20, 2017
Asia/Tokyo timezone

Securing Elasticsearch for free: integration with SSO and Kerberos at CC-IN2P3

Oct 19, 2017, 2:00 PM


1-1 Oho, Tsukuba, Ibaraki 305-0801 Japan 36°09'01.0"N 140°04'28.1"E 36.150290, 140.074485
Basic IT Services Basic IT services


Fabien Wernli (CCIN2P3)


It is now a well-known fact in the HEPiX community that the Elastic stack (FKA ELK) is
an extremely useful tool to dive into huge log data entries. It has also been presented multiple times
as lacking the security features so often needed in multi-user environments. Although it now provides
a plugin addressing some of those concerns, it requires the acquisition of a commercial license.

We present floragunn's Searchguard: an Elasticsearch plugin that provides authentication, authorization
and encryption. It also bundles a Kibana plugin that offers multi-tenant views and dashboards.
We then focus on its integration with Kerberos, CAS (SSO) and syslog-ng at CC-IN2P3.
If time permits we'll present gotchas and performance considerations.

Desired length 20

Primary author

Fabien Wernli (CCIN2P3)

Presentation materials