Shield 1.3 and 1.2.2 Released

Today we’re excited to announce Shield 1.3 and Shield 1.2.2! Read below for all of the details and then download it here.

Shield 1.2.2 is a bugfix release; please refer to the change list for details on what has been fixed.

Shield 1.3 is the latest feature release and is our first release to introduce a new realm! Shield 1.3 also includes a new output for auditing and several other enhancements. Here are the highlights:

pki realm

The Public Key Infrastructure (PKI) realm is the first new realm to be introduced since Shield was released and is a very important realm. We received a lot of feedback from users who wanted to directly authenticate their application servers without storing user credentials. In many of these cases, the PKI realm can be used in place of storing and passing credentials. The PKI realm uses X.509 certificates for authentication and maps the distinguished name (DN) to a user via the configured role mappings.

index output for auditing

An index-based output for auditing has been added. This output allows indexing of audit events into the current cluster or a remote cluster. This means that the audit logs can now be searched and analyzed using Elasticsearch out of the box. For more details on configuring the index-based auditing, please refer to the documentation.

Here's an example Kibana dashboard based on the audit data:

breaking changes

Shield 1.3 does contain a few breaking changes, though in most cases, upgrading to Shield 1.3 will not require any additional changes.

The first breaking change is that the sha2 and apr1 hashing algorithms have been removed as options for the cache.hash_algo setting. If you are using either of these, please specify one of the other supported hashing algorithms or remove this setting altogether to fall back on the default, ssha256.

Additionally, the users file now only supports bcrypt password hashes. The esusers tool has always generated bcrypt hashes, so as long as this tool is used, there will be no issues when upgrading to Shield 1.3.
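A pre-upgrade check for both breaking changes above, as an added example that is not part of Shield or of the original post. It assumes the users file holds one user:hash entry per line and that cache.hash_algo appears as a flat key in the node configuration; the user names, realm names and hash bodies in the sample input are constructed placeholders.

```python
import re

# bcrypt modular-crypt string: $2a$ / $2b$ / $2y$, two-digit cost, 53 chars of salt + hash
BCRYPT_RE = re.compile(r"^\$2[abxy]?\$\d{2}\$[./A-Za-z0-9]{53}$")
# Algorithms the 1.3 announcement lists as removed from cache.hash_algo
REMOVED_ALGOS = {"sha2", "apr1"}
# Assumption: the setting is written as a flat "<prefix>.cache.hash_algo: value" line
HASH_ALGO_RE = re.compile(
    r"^\s*([\w.]*cache\.hash_algo)\s*:\s*['\"]?(\w+)['\"]?\s*(?:#.*)?$")

def non_bcrypt_users(users_text):
    """Usernames whose stored hash is not bcrypt (assumes 'user:hash' per line)."""
    flagged = []
    for line in users_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, pw_hash = line.partition(":")
        if not sep or not BCRYPT_RE.match(pw_hash.strip()):
            flagged.append(user.strip())
    return flagged

def removed_hash_algos(config_text):
    """(line number, key, value) for each cache.hash_algo set to a removed algorithm."""
    hits = []
    for n, line in enumerate(config_text.splitlines(), 1):
        m = HASH_ALGO_RE.match(line)
        if m and m.group(2).lower() in REMOVED_ALGOS:
            hits.append((n, m.group(1), m.group(2)))
    return hits

# Constructed sample input; user names, realm names and hash bodies are placeholders.
SAMPLE_USERS = "\n".join([
    "# constructed users file",
    "app_server:$2a$10$" + "x" * 53,
    "legacy_admin:$apr1$saltsalt$" + "y" * 22,
    "old_svc:{SHA}" + "z" * 28,
])
SAMPLE_CONFIG = "\n".join([
    "cluster.name: demo",
    "shield.authc.realms.esusers1.cache.hash_algo: sha2",
    "shield.authc.realms.ldap1.cache.hash_algo: ssha256",
    "# shield.authc.realms.old.cache.hash_algo: apr1",
])

if __name__ == "__main__":
    for user in non_bcrypt_users(SAMPLE_USERS):
        print("users file: %s has a non-bcrypt hash; regenerate it with esusers" % user)
    for n, key, value in removed_hash_algos(SAMPLE_CONFIG):
        print("config line %d: %s uses removed algorithm %s" % (n, key, value))
```

Run it against copies of the real files before upgrading; any flagged user needs a password regenerated with the esusers tool, and any flagged setting needs a supported algorithm or removal.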

other changes

Refer to the Shield 1.3 change list for the full list of changes including bug fixes and other enhancements.

upgrading

Please refer to the upgrade section of the Shield documentation.

feedback

We would love to hear any feedback that you may have via the Shield category in our forums.