Basic Authentication with https and native realm

I am trying to use Basic Authentication when HTTPS is enabled. I am using default "native" realm. Is Basic Authentication not supported when HTTPS is enabled and realm is "native"?

I successfully used API Key and but could NOT use Token because I think the free version does not support generating token. Another interesting thing is, I think Kibana uses https and basic authentication but it fails for me when I use a high level REST API Java client.

I just added following xpack properties to my elasticsearch.yml.

xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: elasticsearch/http.p12
xpack.security.http.ssl.truststore.path: elasticsearch/http.p12

Please note, this is my dev environment and I am trying to keep the configuration changes to a minimum to begin with. I am using all defaults including the user for basic authentication i.e. "elastic". Also, my application works fine with basic authentication but HTTPS disabled.

Any clues? Thank you in advance.

Hi @shivkumar.chelwa

Yes API Keys are available as part of basic if you want to see what is included in basic see here.

With respect to basic auth and TLS I wrote a little how to here if you are interested. Take a look it has helped a few folks.

And of course the official documentation Getting Started with Security can be found here

It's hard to diagnose "it fails". The more details you can provide, the more likely it is that we can help you solve it.

@TimV , My java client code along with elasticsearch.yml is available at GitHub - shivchelwa/elastic-ssl-client: Elastic SSL Client. I am getting a "401 Unauthorized" as below:

ElasticsearchStatusException[method [HEAD], host [https://localhost:9200], URI [/test_index_1?ignore_throttled=false&ignore_unavailable=false&expand_wildcards=open%2Cclosed&allow_no_indices=false], status line [HTTP/1.1 401 Unauthorized]]; nested: ResponseException[method [HEAD], host [https://localhost:9200], URI [/test_index_1?ignore_throttled=false&ignore_unavailable=false&expand_wildcards=open%2Cclosed&allow_no_indices=false], status line [HTTP/1.1 401 Unauthorized]];
	at org.elasticsearch.client.RestHighLevelClient.parseResponseException(RestHighLevelClient.java:1885)
	at org.elasticsearch.client.RestHighLevelClient.internalPerformRequest(RestHighLevelClient.java:1645)
	at org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1617)
	at org.elasticsearch.client.IndicesClient.exists(IndicesClient.java:974)
	at org.me.elastic.ElasticSSLClient.createIndexes(ElasticSSLClient.java:88)
	at org.me.elastic.ElasticSSLClient.main(ElasticSSLClient.java:37)
Caused by: org.elasticsearch.client.ResponseException: method [HEAD], host [https://localhost:9200], URI [/test_index_1?ignore_throttled=false&ignore_unavailable=false&expand_wildcards=open%2Cclosed&allow_no_indices=false], status line [HTTP/1.1 401 Unauthorized]
	at org.elasticsearch.client.RestClient.convertResponse(RestClient.java:326)
	at org.elasticsearch.client.RestClient.performRequest(RestClient.java:296)
	at org.elasticsearch.client.RestClient.performRequest(RestClient.java:270)
	at org.elasticsearch.client.RestHighLevelClient.internalPerformRequest(RestHighLevelClient.java:1632)
	... 4 more

@stephenb, elastic and kibana setup with TLS and basic authentication works fine for me. The problem is when I use high-level REST client. Thank you.

I found the issue with my Java REST client. I was not setting credential provider along with sslcontext. Closing this thread.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.