This idea is coming out of an issue that was recently encountered due to a change in ROR behavior on how not authorized cases are handled in version 1.19.0. Though the awesome ROR team is anyway fixing that issue in the ROR OSS version, that thread raised a genuine point on why shouldn’t ROR make the login page available in the OSS version. So I am throwing out that idea here instead of tracking it on the other thread, so that this request can be tracked separately and others can chime in.
To give some background, till version 6.8.0, the Elasticsearch team treated security as a premium feature and did not ship it with their core product. It was part of their X-Pack subscription. This meant that unless you had one of the Gold/Platinum/Enterprise subscriptions and still wanted to secure your cluster, you had to rely on setting up a reverse proxy or 3rd party plugins like ROR and Searchguard (to name a few) to ensure that your clusters are secure. Both ROR and Searchguard also provided different flavors of their plugins (starting from free to different commercial license models) to meet different customer needs.
If you Google, you will find several instances of Elasticsearch security breaches and ransom attacks that were purely attributed to people running unsecured clusters. Though multiple such instances themselves did not push Elasticsearch to make security available as a core feature of their free version, the arrival of Open Distro for Elasticsearch and Elastic’s own push for cloud offerings and direct competition with AWS Elasticsearch seem to have made the difference in their decision making. (I fully take the responsibility of stating that this may be pure conjecture on my part as I am not privy to their decision making process, but I have strong reasons to believe that this was the case, irrespective of what reasons are publicly stated).
Now irrespective of how they arrived at this decision, it was a good decision from the Elasticsearch community perspective that Elasticsearch started shipping with security with their basic license (which is free for lifetime), which also includes a login page in Kibana. Open Distro also ships with a security plugin which comes with a login page for Kibana. So the logical question was: is it too much to ask for ROR to have the Kibana login page also made available for the OSS version?
I know that it’s available in the pro version of the Kibana plugin. But the pro version has several other features. But given that the core product plus competition is providing the login page with their free versions, does it make sense for ROR not to treat having a login page as a vanity feature (this may have been a differentiator 3 years back) and make it available with the OSS version?
I am not going to get greedy and ask for too many features to be included with the free Kibana plugin and will leave that decision making in the capable hands of the ROR team to decide what all they want to include with it. For the time being, I am limiting my request to providing the login page and next step of integration with Kibana so that it receives the id/pwd for further use.
As an added bonus, I believe that having this login page will most probably allow @sscarduzio to close this 4-year-old issue that Elastic never addressed in Kibana.
Existing login page from Kibana Pro is good enough