Configuring the Elasticsearch security parameters
The Elasticsearch integration within IBM® Spectrum Conductor includes an Elasticsearch plugin that provides end-to-end encrypted communications and uses an EGO JNI provider for enterprise authentication and authorization assurance. For more information about enabling or disabling SSL for Elasticsearch, see SSL for the Elastic Stack topic. Follow the procedure in this task to configure the Elasticsearch security parameters for authentication and authorization.
About this task
The configuration file is available at $EGO_CONFDIR/../../integration/elk/conf/elasticsearch/elasticsearch.yml.
The list of Elasticsearch security parameters that you can configure:
- orchestrator.security.auth.enable
- Valid value: true or false
- orchestrator.security.auth.providers.egojni.class
- Default:
com.ibm.security.orchestrator.authentication.provider.EgoJNIAuthenticationProvider - orchestrator.security.auth.providers.egojni.egotoken.cache_timeout_min
- Valid value: Any positive integer. Set to 0 to disable the cache timeout.
Procedure
- Stop the Elastic Stack services, see Stopping Elastic Stack services.
- In a text editor, open the
$EGO_CONFDIR/../../integration/elk/conf/elasticsearch/elasticsearch.ymlconfiguration file. - Optional: By default, the security of Elasticsearch is enabled. To disable the authentication and authorization of Elasticsearch, set the orchestrator.security.auth.enable parameter to false.
- Optional: By default, the cache is set to expire tokens after 30 minutes. You can set the orchestrator.security.auth.providers.egojni.egotoken.cache_timeout_min parameter to any positive integer value to modify the cache token expiration time in minutes. Or you can disable the cache timeout by setting the value to 0.
- Restart the Elastic Stack services, see Starting Elastic Stack services.