Today we’re excited to announce Shield 1.3 and Shield 1.2.2! Read below for all of the details and then download it here.
Shield 1.2.2 is a bugfix release, please refer to the change list for details on what has been fixed.
Shield 1.3 is the latest feature release and is our first release to introduce a new realm! Shield 1.3 also includes a new output for auditing and several other enhancements. Here are the highlights:
The Public Key Infrastructure (PKI) realm is the first new realm to be introduced since Shield was released and is a very important realm. We received a lot of feedback from users who wanted to directly authenticate their application servers without storing user credentials. In many of these cases, the PKI realm can be used in place of storing and passing credentials. The PKI realm uses X.509 certificates for authentication and maps the distinguished name (DN) to a user via the configured role mappings.
index output for auditing
An index based output for auditing has been added. This output allows indexing of audit events into the current cluster or a remote cluster. This means that the audit logs can now be searched and analyzed using elasticsearch out of the box. For more details on configuring the index based auditing, please refer to the documentation.
Here's an example Kibana dashboard based on the audit data:
Shield 1.3 does contain a few breaking changes, though in most cases, upgrading to Shield 1.3 will not require any additional changes.
The first breaking change is that the
apr1 hashing algorithms have been removed as options for
cache.hash_algo setting. If you are using either of these, please specify one of the other supported hashing algorithms or remove this setting altogether to fall back on the default,
users file now only supports
bcrypt password hashes. The
esusers tool has always generated
bcrypt hashes, so as long as this tool is used, there will be no issues when upgrading to Shield 1.3.
Refer to the Shield 1.3 change list for the full list of changes including bug fixes and other enhancements.
Please refer to the upgrade section of the Shield documentation.
We would love to hear any feedback that you may have via the Shield category in our forums.