Built-in user conexion in kibana UI failed

hello,

i'm new in the elastic stack, trying to install the elastic stack, i faced some problems .

what i already did : install the elasticsearch, kibana and logstash from the apt repository.

what i have in the elasticsearch.yml
path.data: /var/lib/elasticsearch path.logs: /var/log/elasticsearch action.auto_create_index: true xpack.security.enabled: true

what i have in the kibana.yml
elasticsearch.username: "kibana" elasticsearch.password: "kibana"

what i have in the logstash.yml
xpack.monitoring.enabled: true xpack.monitoring.elasticsearch.hosts: ["http://localhost:9200"] xpack.monitoring.elasticsearch.username: logstash_system xpack.monitoring.elasticsearch.password: logstash xpack.management.enabled: true xpack.management.pipeline.id: ["pipeline_1"] xpack.management.elasticsearch.hosts: ["http://localhost:9200"] xpack.management.elasticsearch.username: pipeline_user xpack.management.elasticsearch.password: pipline

then configure the x-pack.
I used the /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive to set the password of the built-in users
elastic
apm
kibana
logstash
beats
remote_user

after that i wanted to login with the user kibana in the kibana UI and get the 403 error
statusCode 403 error "Forbidden" message "Forbidden"

i can connect to the UI with the elastic user
i have this

curl -u elastic http://localhost:9200/_xpack/security/_authenticate?pretty
Enter host password for user 'elastic':
{
  "username" : "elastic",
  "roles" : [
"superuser"
  ],
  "full_name" : null,
  "email" : null,
  "metadata" : {
"_reserved" : true
  },
  "enabled" : true,
  "authentication_realm" : {
"name" : "reserved",
"type" : "reserved"
  },
  "lookup_realm" : {
"name" : "reserved",
"type" : "reserved"
  }
}

and this

curl -u kibana http://localhost:9200/_xpack/security/_authenticate?pretty
Enter host password for user 'kibana':
{
  "username" : "kibana",
  "roles" : [
    "kibana_system"
  ],
  "full_name" : null,
  "email" : null,
  "metadata" : {
    "_reserved" : true
  },
  "enabled" : true,
  "authentication_realm" : {
    "name" : "reserved",
    "type" : "reserved"
  },
  "lookup_realm" : {
    "name" : "reserved",
    "type" : "reserved"
  }
}

i think that the kibana user doesn't have the permissions to connect to the UI.

so my fist question, why kibana built-in user can't be authentified in the UI, or i missed a step in the configuration that manage this, or the kibana user is used for something other ?
if it's so what are the uses of the built-in users ?

and what is the privilege that allow an user to connecte to the UI ?, i did somme teste and can't isol the privilage,

thank you for your responce !!!

NB : i user the 7.1.1 elastic stack and ubuntu19,04

Mehdi.

Hello it's me again,

It's seems that the built in user doesn't have the monitor privileges, so i suppose that the main objective of this user is to make a sort of connexion between the diffrent element of the stack <and has nothing to do with the UI interface>, In this exemple it the kibana module and the elasticsearch module.

to have a user that can connect to the kibana UI:

  • We must start by creating a new user.
  • After that add a new role that had the the monitor privilege and set also the minimum privileges for all spaces to [all or read].
  • Finaly affect this role to a our new user.

In my precedent test i didn't change the minimum privileges for spaces that's why it didn't work.

NB: default value is none, so it can get no information from any spaces, even the default one.

Mehdi.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.