We’re using http proxies in front of our Elasticsearch instances. Direct access to Elasticsearch and kibana are blocked. This allows us to make use of our local setup for SingleSignOn. We still define users and groups (eg for basicAuth) via ROR rules. In order to pass on the user name we currently use a FakeBasicAuth since we have to provide ROR with an auth_key (which by itself is fairly meaningless in our setup).
Thinking over it, we believe that we can simpify this if the auth_key would be optional when defining users in ROR. Would that be possible ?
Let’s do this?