* Adding authentication information to access token create APIs (#62490)
* Adding authentication information to access token create APIs
Adding authentication object to following APIs:
/_security/oauth2/token
/_security/delegate_pki
/_security/saml/authenticate
/_security/oidc/authenticate
Resolves: #59685
(cherry picked from commit 51dbd9e584)
* Addressing PR commends, fixing tests
* Returning tokenGroups attribute as SID string instead of byte array (AD metadata)
Addressing PR comments
* Returning tokenGroups attribute as SID string instead of byte array (AD metadata)
Update version check
* Returning tokenGroups attribute as SID string instead of byte array (AD metadata)
Update version check
* Addressing more PR comments
* Adding more to integration tests + some small fixes
* Nit fixes and formatting following #62490 comments (#63797)
* Nit fixes and formatting following #62490 comments
Resolves: #63792
* Nit fixes and formatting following #62490 comments
Resolves: #63792
* Nit fixes and formatting following #62490 comments
Fixing username
* Nit fixes and formatting following #62490 comments
Fixing formatting
* Fixing merge conflicts
* Fixing merge conflicts
This commit introduces PKI realm delegation. This feature
supports the PKI authentication feature in Kibana.
In essence, this creates a new API endpoint which Kibana must
call to authenticate clients that use certificates in their TLS
connection to Kibana. The API call passes to Elasticsearch the client's
certificate chain. The response contains an access token to be further
used to authenticate as the client. The client's certificates are validated
by the PKI realms that have been explicitly configured to permit
certificates from the proxy (Kibana). The user calling the delegation
API must have the delegate_pki privilege.
Closes#34396
