Custom realm extension configuration

Hi,

I'm having trouble with custom realm configuration when upgrading from Elasticsearch from 6.8.0 to 7.2.0 with custom realm configuration. I can't see what the problem is... Could anyone help me here please - thanks! ~ Iain

  • I'm performing an upgrade of a legacy ELK deployment and currently hitting issues an elasticsearch node from 6.8.1 to 7.2.0 (using Rolling upgrade)
  • The deployment uses a custom realm extension - acme-abc-realm. I've installed a custom realm extension acme-abc-realm following the steps outlined in Custom Realms.
[elasticsearch-7.2.0]# bin/elasticsearch-plugin list --verbose
Plugins directory: /opt/elasticsearch-7.2.0/plugins
acme-abc-realm
- Plugin information:
Name: acme-abc-realm
Description: A ACME custom security extension
Version: 7.2.0
Elasticsearch Version: 7.2.0
Java Version: 1.8
Native Controller: false
Extended Plugins: [x-pack-security]
 * Classname: com.acme.xpack.AcmeExtensionPlugin
xpack.security.authc:
  realms:
    custom.acme-abc-realm:
      order: 0
      maxConnections: 5
      maxConnectionsPerHost: 5
      connectionTimeout: 5000
      socketTimeout: 5000
...
  • On startup of the ES node, I get the following error:
	Suppressed: java.lang.IllegalArgumentException: unknown setting [xpack.security.authc.realms.custom.acme-abc-realm.imsCacheExpiryInMinutes] please check that any required plugins are installed, or check the breaking changes documentation for removed settings

[2019-07-26T10:17:32,823][ERROR][o.e.b.Bootstrap          ] [iel-dev-rep-vm2] Exception
java.lang.IllegalArgumentException: unknown setting [xpack.security.authc.realms.custom.acme-abc-realm.maxConnections] please check that any required plugins are installed, or check the breaking changes documentation for removed settings
        at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:531) ~[elasticsearch-7.2.0.jar:7.2.0]
        at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:476) ~[elasticsearch-7.2.0.jar:7.2.0]
        at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:447) ~[elasticsearch-7.2.0.jar:7.2.0]
        at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:418) ~[elasticsearch-7.2.0.jar:7.2.0]
        at org.elasticsearch.common.settings.SettingsModule.<init>(SettingsModule.java:148) ~[elasticsearch-7.2.0.jar:7.2.0]
        at org.elasticsearch.node.Node.<init>(Node.java:342) ~[elasticsearch-7.2.0.jar:7.2.0]
        at org.elasticsearch.node.Node.<init>(Node.java:251) ~[elasticsearch-7.2.0.jar:7.2.0]
        at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:221) ~[elasticsearch-7.2.0.jar:7.2.0]
        at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:221) ~[elasticsearch-7.2.0.jar:7.2.0]
        at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349) [elasticsearch-7.2.0.jar:7.2.0]
        at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) [elasticsearch-7.2.0.jar:7.2.0]
        at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) [elasticsearch-7.2.0.jar:7.2.0]
        at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) [elasticsearch-7.2.0.jar:7.2.0]
        at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) [elasticsearch-cli-7.2.0.jar:7.2.0]
        at org.elasticsearch.cli.Command.main(Command.java:90) [elasticsearch-cli-7.2.0.jar:7.2.0]
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) [elasticsearch-7.2.0.jar:7.2.0]
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) [elasticsearch-7.2.0.jar:7.2.0]
        Suppressed: java.lang.IllegalArgumentException: unknown setting [xpack.security.authc.realms.custom.acme-abc-realm.maxConnectionsPerHost] please check that any required 
  • I've tried to resolve this myself but am getting nowhere..
  • Could someone guide me here please as to what I'm doing wrong please ?
  • Thanks again for your time!

I am having the same issue trying to get a custom realm to load in 7.2 that worked in 6.7. I see that the configuration has changed so I am not sure if the following would work for you or not

xpack:
  security:
    authc:
      realms:
        acme-abc-realm:
          custom1:
            order: 0

In 7.0 and later, the getRealmSettings method has been removed from SecurityExtension.

Your plugin is now responsible for registering its own settings.
The sample in our GitHub repository has an example of this.

Thanks @Eric_Robinson1, @TimV for your help.

I would suggest it may be useful to add Tim's statement to Integrating with other authentication systems as a hint to others who may come across same issue.

:+1:

Thanks @TimV I was able to get my plugin working as well by adding the following.

List<Setting<?>> list = new ArrayList<>(RealmSettings.getStandardSettings(CustomRealm.TYPE));

I agree with @iainardo adding that to the docs would be helpful.