Yeah that should probably be better like:
Which will check the signature in the JWT using a shared secret (configured in kibana.yml) and set the encrypted cookie associated to the session.
From this moment the user name found in the JWT claims might simply travel in the X-Forwarded-User header all the way to Elasticsearch which will be configured with
proxy_auth rule as described in the docs.
And yes we can make the parameter name configurable.
Yeah let’s get this trial started