and I have OIDC client secret in keystore. I also generated passwords for built in users, i.e. kibana, apm_user etc. But I only changed password for kibana user in kibana.yml.
When I try to login to kibana, the kibana redirects to OIDC provider login page. I login to the OIDC provider and I am redirected to kibana server where I see the following message:
{
"statusCode": 401,
"error": "Unauthorized",
"message": "[security_exception] unable to authenticate user [<OIDC Token>] for action [cluster:admin/xpack/security/oidc/authenticate], with { header={ WWW-Authenticate={ 0=\"Bearer realm=\\\"security\\\"\" & 1=\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\" } } }"
}
I enabled logging and there was an error regarding ssl certificate. so, I generated ssl certificates and tried authentication. Following is the log output:
[2019-12-19T15:26:16,067][INFO ][o.e.x.s.a.AuthenticationService] [X556UQK] Authentication of [kibana] was terminated by realm [reserved] - failed to authenticate user [kibana]
[2019-12-19T15:26:16,069][INFO ][o.e.x.s.a.AuthenticationService] [X556UQK] Authentication of [kibana] was terminated by realm [reserved] - failed to authenticate user [kibana]
[2019-12-19T15:26:16,386][INFO ][o.e.c.r.a.AllocationService] [X556UQK] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[security-auditlog-2019.12.04][0]]]).
[2019-12-19T15:26:16,812][INFO ][o.e.c.m.MetaDataIndexTemplateService] [X556UQK] adding template [.management-beats] for index patterns [.management-beats]
[2019-12-19T15:26:19,923][WARN ][o.e.x.s.a.AuthenticationService] [X556UQK] Authentication to realm oidc1 failed - Failed to authenticate user with OpenID Connect (Caused by ElasticsearchSecurityException[Failed to get user information from the UserInfo endpoint.]; nested: IllegalStateException[Error merging ID token and userinfo claim value for claim [email_verified]. Cannot merge [java.lang.Boolean] with [java.lang.String]]
[2019-12-19T15:26:21,231][WARN ][o.e.x.s.a.AuthenticationService] [X556UQK] Authentication to realm oidc1 failed - Failed to authenticate user with OpenID Connect (Caused by ElasticsearchSecurityException[Failed to get user information from the UserInfo endpoint.]; nested: IllegalStateException[Error merging ID token and userinfo claim value for claim [email_verified]. Cannot merge [java.lang.Boolean] with [java.lang.String]]
[2019-12-19T15:27:53,209][WARN ][o.e.x.s.a.AuthenticationService] [X556UQK] Authentication to realm oidc1 failed - Failed to authenticate user with OpenID Connect (Caused by ElasticsearchSecurityException[Failed to get user information from the UserInfo endpoint.]; nested: IllegalStateException[Error merging ID token and userinfo claim value for claim [email_verified]. Cannot merge [java.lang.Boolean] with [java.lang.String]]
[2019-12-19T15:28:02,427][WARN ][o.e.x.s.a.AuthenticationService] [X556UQK] Authentication to realm oidc1 failed - Failed to authenticate user with OpenID Connect (Caused by ElasticsearchSecurityException[Failed to get user information from the UserInfo endpoint.]; nested: IllegalStateException[Error merging ID token and userinfo claim value for claim [email_verified]. Cannot merge [java.lang.Boolean] with [java.lang.String]]
[2019-12-19T15:28:08,899][WARN ][o.e.x.s.a.AuthenticationService] [X556UQK] Authentication to realm oidc1 failed - Failed to authenticate user with OpenID Connect (Caused by ElasticsearchSecurityException[Failed to get user information from the UserInfo endpoint.]; nested: IllegalStateException[Error merging ID token and userinfo claim value for claim [email_verified]. Cannot merge [java.lang.Boolean] with [java.lang.String]]
[2019-12-19T15:28:10,099][WARN ][o.e.x.s.a.AuthenticationService] [X556UQK] Authentication to realm oidc1 failed - Failed to authenticate user with OpenID Connect (Caused by ElasticsearchSecurityException[Failed to get user information from the UserInfo endpoint.]; nested: IllegalStateException[Error merging ID token and userinfo claim value for claim [email_verified]. Cannot merge [java.lang.Boolean] with [java.lang.String]]
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.