Basic Authentication with https and native realm

Elastic Stack Elasticsearch
#1

I am trying to use Basic Authentication when HTTPS is enabled. I am using default "native" realm. Is Basic Authentication not supported when HTTPS is enabled and realm is "native"?

I successfully used API Key and but could NOT use Token because I think the free version does not support generating token. Another interesting thing is, I think Kibana uses https and basic authentication but it fails for me when I use a high level REST API Java client.

I just added following xpack properties to my elasticsearch.yml.

xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: elasticsearch/http.p12
xpack.security.http.ssl.truststore.path: elasticsearch/http.p12

Please note, this is my dev environment and I am trying to keep the configuration changes to a minimum to begin with. I am using all defaults including the user for basic authentication i.e. "elastic". Also, my application works fine with basic authentication but HTTPS disabled.

Any clues? Thank you in advance.

#2

Hi @shivkumar.chelwa

Yes API Keys are available as part of basic if you want to see what is included in basic see here.

With respect to basic auth and TLS I wrote a little how to here if you are interested. Take a look it has helped a few folks.

And of course the official documentation Getting Started with Security can be found here

#3

It's hard to diagnose "it fails". The more details you can provide, the more likely it is that we can help you solve it.

#4

@TimV , My java client code along with elasticsearch.yml is available at GitHub - shivchelwa/elastic-ssl-client: Elastic SSL Client. I am getting a "401 Unauthorized" as below:

ElasticsearchStatusException[method [HEAD], host [https://localhost:9200], URI [/test_index_1?ignore_throttled=false&ignore_unavailable=false&expand_wildcards=open%2Cclosed&allow_no_indices=false], status line [HTTP/1.1 401 Unauthorized]]; nested: ResponseException[method [HEAD], host [https://localhost:9200], URI [/test_index_1?ignore_throttled=false&ignore_unavailable=false&expand_wildcards=open%2Cclosed&allow_no_indices=false], status line [HTTP/1.1 401 Unauthorized]];
	at org.elasticsearch.client.RestHighLevelClient.parseResponseException(RestHighLevelClient.java:1885)
	at org.elasticsearch.client.RestHighLevelClient.internalPerformRequest(RestHighLevelClient.java:1645)
	at org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1617)
	at org.elasticsearch.client.IndicesClient.exists(IndicesClient.java:974)
	at org.me.elastic.ElasticSSLClient.createIndexes(ElasticSSLClient.java:88)
	at org.me.elastic.ElasticSSLClient.main(ElasticSSLClient.java:37)
Caused by: org.elasticsearch.client.ResponseException: method [HEAD], host [https://localhost:9200], URI [/test_index_1?ignore_throttled=false&ignore_unavailable=false&expand_wildcards=open%2Cclosed&allow_no_indices=false], status line [HTTP/1.1 401 Unauthorized]
	at org.elasticsearch.client.RestClient.convertResponse(RestClient.java:326)
	at org.elasticsearch.client.RestClient.performRequest(RestClient.java:296)
	at org.elasticsearch.client.RestClient.performRequest(RestClient.java:270)
	at org.elasticsearch.client.RestHighLevelClient.internalPerformRequest(RestHighLevelClient.java:1632)
	... 4 more
#5

@stephenb, elastic and kibana setup with TLS and basic authentication works fine for me. The problem is when I use high-level REST client. Thank you.

#6

I found the issue with my Java REST client. I was not setting credential provider along with sslcontext. Closing this thread.