Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User authenticated with Token authentication provider should not be able to change password #49865

Closed
azasypkin opened this issue Oct 31, 2019 · 2 comments · Fixed by #55206
Closed

User authenticated with Token authentication provider should not be able to change password #49865

azasypkin opened this issue Oct 31, 2019 · 2 comments · Fixed by #55206
Assignees
@azasypkin
Labels
Feature:Security/Authentication Platform Security - Authentication Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Projects
Security

Comments

@azasypkin
Copy link
Member

azasypkin commented Oct 31, 2019
edited
Loading

Currently Change Password API in Elasticsearch allows user to change password even if they are authenticated with Token authentication provider, but this will change with elastic/elasticsearch#48752 and we should make necessary changes in Kibana as well.

Blocked by: elastic/elasticsearch#48752
@azasypkin azasypkin added blocked Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! Feature:Security/Authentication Platform Security - Authentication labels Oct 31, 2019
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security (Team:Security)

@kobelb kobelb added this to Scheduled in Security Oct 31, 2019
@jkakavas jkakavas mentioned this issue Nov 28, 2019
Merged
@azasypkin
Copy link
Member Author

We're unblocked now (apart from CI that still relies on 2 month old ES snapshot), will start working on this soon.

@azasypkin azasypkin removed the blocked label Jan 13, 2020
This was referenced Jan 16, 2020
Closed
Merged
@azasypkin azasypkin moved this from Scheduled to Done in Security Mar 25, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@azasypkin azasypkin

Labels
Feature:Security/Authentication Platform Security - Authentication Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Projects
No open projects
Security
Done
Milestone
No milestone
2 participants
@azasypkin @elasticmachine