ECK showInSelector causes infinite 302 and kibana pod fails

Elastic Stack Kibana
1

Hi,

Kibana 7.10.2.
My goal is to either completely hide the provider selector screen or hide the providers.

When settings xpack showInSelector to 'false', Kibana pod fails to load with what looks like an infinite loop of GET that results with 302.

Here's my config:

    xpack:
      security:
        authc:
          providers:
            oidc:
              mytest:
                description: abc
                order: 1
                realm: realm1
                showInSelector: false <== problem 1

Same behavior happens when setting the xpack.security.authc.selector.enabled to disabled:

    xpack:
      security:
        authc:
          providers:
            oidc:
              mytest:
                description: abc
                order: 1
                realm: realm1
          selector:
            enabled: false <== problem 2

What could be the reason for this and how can I troubleshoot it?

2

What do the logs show?

3

I masked sensitive info:

{"type":"response","@timestamp":"2021-04-27T07:52:47Z","tags":,"pid":7,"method":"get","statusCode":302,"req":{"url":"/kibana/internal/security/capture-url?next=%2Fkibana%2Fkibana%2Finternal%2Fsecurity%2Fcapture-url%3Fnext%3D%252Fkibana%252Flogin%26providerType%3Doidc%26providerName%3D***&providerType=oidc&providerName=","method":"get","headers":{"host":"10.58.160.44:5601","user-agent":"kube-probe/1.18","referer":"https://10.58.160.44:5601/kibana/internal/security/capture-url?next=%2Fkibana%2Flogin&providerType=oidc&providerName=***","accept-encoding":"gzip","connection":"close"},"remoteAddress":"10.58.160.35","userAgent":"kube-probe/1.18","referer":"https://10.58.160.44:5601/kibana/internal/security/capture-url?next=%2Fkibana%2Flogin&providerType=oidc&providerName=***"},"res":{"statusCode":302,"responseTime":2,"contentLength":9},"message":"GET /kibana/internal/security/capture-url?next=%2Fkibana%2Fkibana%2Finternal%2Fsecurity%2Fcapture-url%3Fnext%3D%252Fkibana%252Flogin%26providerType%3Doidc%26providerName%3D&providerType=oidc&providerName=*** 302 2ms - 9.0B"}

4

hi @warkolm any idea?

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.