Built-in user conexion in kibana UI failed

hello,

i'm new in the elastic stack, trying to install the elastic stack, i faced some problems .

what i already did : install the elasticsearch, kibana and logstash from the apt repository.

what i have in the elasticsearch.yml
path.data: /var/lib/elasticsearch path.logs: /var/log/elasticsearch action.auto_create_index: true xpack.security.enabled: true

what i have in the kibana.yml
elasticsearch.username: "kibana" elasticsearch.password: "kibana"

what i have in the logstash.yml
xpack.monitoring.enabled: true xpack.monitoring.elasticsearch.hosts: ["http://localhost:9200"] xpack.monitoring.elasticsearch.username: logstash_system xpack.monitoring.elasticsearch.password: logstash xpack.management.enabled: true xpack.management.pipeline.id: ["pipeline_1"] xpack.management.elasticsearch.hosts: ["http://localhost:9200"] xpack.management.elasticsearch.username: pipeline_user xpack.management.elasticsearch.password: pipline

then configure the x-pack.
I used the /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive to set the password of the built-in users
elastic
apm
kibana
logstash
beats
remote_user

after that i wanted to login with the user kibana in the kibana UI and get the 403 error
statusCode 403 error "Forbidden" message "Forbidden"

i can connect to the UI with the elastic user
i have this

curl -u elastic http://localhost:9200/_xpack/security/_authenticate?pretty
Enter host password for user 'elastic':
{
  "username" : "elastic",
  "roles" : [
"superuser"
  ],
  "full_name" : null,
  "email" : null,
  "metadata" : {
"_reserved" : true
  },
  "enabled" : true,
  "authentication_realm" : {
"name" : "reserved",
"type" : "reserved"
  },
  "lookup_realm" : {
"name" : "reserved",
"type" : "reserved"
  }
}

and this

curl -u kibana http://localhost:9200/_xpack/security/_authenticate?pretty
Enter host password for user 'kibana':
{
  "username" : "kibana",
  "roles" : [
    "kibana_system"
  ],
  "full_name" : null,
  "email" : null,
  "metadata" : {
    "_reserved" : true
  },
  "enabled" : true,
  "authentication_realm" : {
    "name" : "reserved",
    "type" : "reserved"
  },
  "lookup_realm" : {
    "name" : "reserved",
    "type" : "reserved"
  }
}

i think that the kibana user doesn't have the permissions to connect to the UI.

so my fist question, why kibana built-in user can't be authentified in the UI, or i missed a step in the configuration that manage this, or the kibana user is used for something other ?
if it's so what are the uses of the built-in users ?

and what is the privilege that allow an user to connecte to the UI ?, i did somme teste and can't isol the privilage,

thank you for your responce !!!

NB : i user the 7.1.1 elastic stack and ubuntu19,04

Mehdi.

Hello it's me again,

It's seems that the built in user doesn't have the monitor privileges, so i suppose that the main objective of this user is to make a sort of connexion between the diffrent element of the stack <and has nothing to do with the UI interface>, In this exemple it the kibana module and the elasticsearch module.

to have a user that can connect to the kibana UI:

• We must start by creating a new user.
• After that add a new role that had the the monitor privilege and set also the minimum privileges for all spaces to [all or read].
• Finaly affect this role to a our new user.

In my precedent test i didn't change the minimum privileges for spaces that's why it didn't work.

NB: default value is none, so it can get no information from any spaces, even the default one.

Mehdi.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.