ElasticSearch 7.3 basic authentication giving 403 Forbidden

I have recently installed ElasticSearch 7.3 basic on a single instance of CentOS 7. Before enabling basic security I verified that I was able to access both ElasticSearch and the Kibana UI.

Later I followed the exact steps specified at
https://www.elastic.co/guide/en/elasticsearch/reference/7.3/get-started-kibana-user.html

After that I restarted both Elasticsearch and Kibana and verified that both services are active.

When I try to access Kibana for the first time so that I can add additional users, using http://mydomain:5601/, I am prompted to log in. I entered the built-in username (kibana) and the password that I configured, but I keep getting the following response:

{"statusCode":403,"error":"Forbidden","message":"Forbidden"}

Not sure why I am getting this error, even if I am entering the correct username and pwd.

Are there any additional steps that I need to perform?

I will really appreciate any help. I am new to the Elasticsearch stack.

Thanks,
Vinod.

If you do not connect to Kibana, but try to connect directly to Elasticsearch (using curl) with the kibana user and password, does that work?

This means that the user you are logging in with has no roles assigned to them.

kibana is an internal user meant to be used by the Kibana server in order to communicate with Elasticsearch and should not be used by end users to log in to Kibana. Use the elastic user to log in at first, and then go to Management -> Security -> Users and create the users and roles that will give access to your users. You can read more about role based access control in our documentation.
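
The difference between authenticating to Elasticsearch and being authorized in Kibana, as an added example (not code from this thread or from Elastic). It classifies a `GET /_security/_authenticate` response and builds the create-user request to send as elastic; the role set, the sample responses, the user name `vinod` and the helper names are assumptions constructed for illustration.

```python
import base64
import json
import urllib.request
from urllib.parse import quote

# Assumption: built-in roles that grant Kibana UI access on a 7.3 cluster.
# Extend this set with any custom roles that carry Kibana privileges.
KIBANA_UI_ROLES = {"superuser", "kibana_user"}

# Constructed samples shaped like GET /_security/_authenticate responses.
SAMPLE_KIBANA = {"username": "kibana", "roles": ["kibana_system"],
                 "metadata": {"_reserved": True}}
SAMPLE_ELASTIC = {"username": "elastic", "roles": ["superuser"],
                  "metadata": {"_reserved": True}}


def fetch_identity(base_url, username, password):
    """Ask Elasticsearch who these credentials are and which roles they hold."""
    req = urllib.request.Request(base_url.rstrip("/") + "/_security/_authenticate")
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def diagnose(identity, ui_roles=KIBANA_UI_ROLES):
    """Classify an identity that already authenticated against Elasticsearch."""
    roles = set(identity.get("roles", []))
    if roles & ui_roles:
        return "ui-access"
    if identity.get("metadata", {}).get("_reserved"):
        # Built-in account without a UI role, e.g. the Kibana server's own user.
        return "internal-account"
    return "needs-role"


def create_user_request(username, password, roles):
    """Build (method, path, body) for the create-user API; send it as elastic."""
    if not set(roles) & KIBANA_UI_ROLES:
        raise ValueError("none of the requested roles grants Kibana UI access")
    body = json.dumps({"password": password, "roles": sorted(roles)})
    return "POST", "/_security/user/" + quote(username, safe=""), body


if __name__ == "__main__":
    for sample in (SAMPLE_KIBANA, SAMPLE_ELASTIC):
        print(sample["username"], "->", diagnose(sample))
    print(create_user_request("vinod", "<choose-a-password>", ["kibana_user"]))
```

Against a live node, `diagnose(fetch_identity("http://localhost:9200", user, password))` performs the same check on real credentials.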

@ikakavas / @spinscale

When I tried to access Elasticsearch to list all indexes using the kibana user with basic authentication via curl as well as Postman, I got the results back.

As @ikakavas suggested, I then used the elastic user to log in to Kibana and was able to go in without any issues. Thank you both for the helpful tips. Really appreciate it.

-Vinod.
