Connection problem with shield plug-in for kibana

security

#1

Hello,

I have a strange problem, in fact I have configured shield with Kibana and after creating many users I can not connect with any of these users.

Thank you for your help.

Max


(Jay Modi) #2

Hi Max,

Do the users work when accessing elasticsearch directly?


#3

Yes it works..

Thanks for your reply


(Jay Modi) #4

This is odd. What versions of elasticsearch, kibana and shield are you using? Do you see any messages in your kibana log file?


#5

My versions are:

kibana 4.5
shield 2.3.1
elasticseach 2.3.1

I see no logs in kibana...


(Jay Modi) #6

Do you have cors enabled in your elasticsearch.yml file? This may be the issue https://github.com/elastic/kibana/issues/6719#issuecomment-204448145


#7

I have nothing in my elasticsearch.yml file.
No line corresponds to it.


#8

This is a strange log from elasticsearch:

[2016-04-19 14:58:17,275][WARN ][shield.transport.netty ] [Ncer14eld1A] Caught exception while handling client http traffic, closing connection [id: 0xe1a7ccb2, /x.x.x.xx:46554 => /x.x.x.xx:9200]
java.lang.IllegalArgumentException: empty text
at org.jboss.netty.handler.codec.http.HttpVersion.(HttpVersion.java:89)
at org.jboss.netty.handler.codec.http.HttpVersion.valueOf(HttpVersion.java:62)
at org.jboss.netty.handler.codec.http.HttpRequestDecoder.createMessage(HttpRequestDecoder.java:75)
at org.jboss.netty.handler.codec.http.HttpMessageDecoder.decode(HttpMessageDecoder.java:191)
at org.jboss.netty.handler.codec.http.HttpMessageDecoder.decode(HttpMessageDecoder.java:102)
at org.jboss.netty.handler.codec.replay.ReplayingDecoder.callDecode(ReplayingDecoder.java:500)
at org.jboss.netty.handler.codec.replay.ReplayingDecoder.messageReceived(ReplayingDecoder.java:435)
at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
at org.elasticsearch.common.netty.OpenChannelsHandler.handleUpstream(OpenChannelsHandler.java:75)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
at org.jboss.netty.handler.ipfilter.IpFilteringHandlerImpl.handleUpstream(IpFilteringHandlerImpl.java:154)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)
at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)
at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)


(Jay Modi) #9

Can you share your kibana configuration? And to confirm, you have made no changes to the elasticsearch configuration?


#10

kibana configuration:

elasticsearch configuration:


(Jay Modi) #11

you are using a https URL to connect to elasticsearch in your kibana.yml file but do not have SSL enabled on elasticsearch. Try changing https to http


#12

it works !

thanks so much


(system) #13